1. Patchew
  2. linux
  3. View series

[PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.

Siddh Raman Pant posted 1 patch 11 months, 3 weeks ago 
cve/published/2024/CVE-2024-56642.diff       | 11 +++++++++++
cve/published/2024/CVE-2024-56642.vulnerable |  1 +
2 files changed, 12 insertions(+)
create mode 100644 cve/published/2024/CVE-2024-56642.diff
create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable
[PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.
Posted by Siddh Raman Pant 11 months, 3 weeks ago 
Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.diff       | 11 +++++++++++
 cve/published/2024/CVE-2024-56642.vulnerable |  1 +
 2 files changed, 12 insertions(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.diff
 create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable

diff --git a/cve/published/2024/CVE-2024-56642.diff b/cve/published/2024/CVE-2024-56642.diff
new file mode 100644
index 000000000000..b31d3694986c
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.diff
@@ -0,0 +1,11 @@
+--- a/CVE-2024-56642.mbox
++++ b/CVE-2024-56642.mbox
+@@ -18,7 +18,7 @@ When bearer_disable() calls tipc_udp_disable(), cleanup
+ of the UDP kernel socket is deferred by work calling
+ cleanup_bearer().
+ 
+-tipc_net_stop() waits for such works to finish by checking
++tipc_exit_net() waits for such works to finish by checking
+ tipc_net(net)->wq_count.  However, the work decrements the
+ count too early before releasing the kernel socket,
+ unblocking cleanup_net() and resulting in use-after-free.
diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
new file mode 100644
index 000000000000..75eac70bd13b
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.vulnerable
@@ -0,0 +1 @@
+04c26faa51d1e2fe71cf13c45791f5174c37f986
-- 
2.47.2
Re: [PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.
Posted by Greg KH 11 months, 3 weeks ago 
On Tue, Feb 18, 2025 at 07:23:44PM +0530, Siddh Raman Pant wrote:
> Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>

Please provide some text here that descibes what is happening.  We can't
just take commits with no information at all, and neither would you want
us to :)

Also, can you break this up into two commits?  The changelog text I'm
going to have to convert into a diff in a different way.

thanks,

greg k-h
[PATCH 1/2] CVE-2024-56642: Fix wrong fixes tag.
Posted by Siddh Raman Pant 11 months, 3 weeks ago 
The fixes tag in the commit message is incorrect. It should be the
commit which adds the counter, which is:

04c26faa51d1 ("tipc: wait and exit until all work queues are done")

Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.vulnerable | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable

diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
new file mode 100644
index 000000000000..75eac70bd13b
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.vulnerable
@@ -0,0 +1 @@
+04c26faa51d1e2fe71cf13c45791f5174c37f986
-- 
2.47.2
Re: [PATCH 1/2] CVE-2024-56642: Fix wrong fixes tag.
Posted by Greg KH 11 months, 3 weeks ago 
On Tue, Feb 18, 2025 at 08:07:31PM +0530, Siddh Raman Pant wrote:
> The fixes tag in the commit message is incorrect. It should be the
> commit which adds the counter, which is:
> 
> 04c26faa51d1 ("tipc: wait and exit until all work queues are done")
> 
> Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
> ---
>  cve/published/2024/CVE-2024-56642.vulnerable | 1 +
>  1 file changed, 1 insertion(+)
>  create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable
> 
> diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
> new file mode 100644
> index 000000000000..75eac70bd13b
> --- /dev/null
> +++ b/cve/published/2024/CVE-2024-56642.vulnerable
> @@ -0,0 +1 @@
> +04c26faa51d1e2fe71cf13c45791f5174c37f986
> -- 
> 2.47.2
> 

Many thanks, both now applied and the cve record has been regenerated.

greg k-h
[PATCH 2/2] CVE-2024-56642: Fix mention of wrong function.
Posted by Siddh Raman Pant 11 months, 3 weeks ago 
The function which waits is tipc_exit_net(), which has the spinning
while loop at the end.

Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.diff | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.diff

diff --git a/cve/published/2024/CVE-2024-56642.diff b/cve/published/2024/CVE-2024-56642.diff
new file mode 100644
index 000000000000..b31d3694986c
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.diff
@@ -0,0 +1,11 @@
+--- a/CVE-2024-56642.mbox
++++ b/CVE-2024-56642.mbox
+@@ -18,7 +18,7 @@ When bearer_disable() calls tipc_udp_disable(), cleanup
+ of the UDP kernel socket is deferred by work calling
+ cleanup_bearer().
+ 
+-tipc_net_stop() waits for such works to finish by checking
++tipc_exit_net() waits for such works to finish by checking
+ tipc_net(net)->wq_count.  However, the work decrements the
+ count too early before releasing the kernel socket,
+ unblocking cleanup_net() and resulting in use-after-free.
-- 
2.47.2

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.