Linux Kernel up to 6.7.11 thunderbolt tb_port_update_credits null pointer dereference

Summaryinfo

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.7.11. The impacted element is the function tb_port_update_credits of the component thunderbolt. The manipulation results in null pointer dereference. This vulnerability was named CVE-2024-27060. There is no available exploit. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.7.11. It has been classified as critical. Affected is the function tb_port_update_credits of the component thunderbolt. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt] Call Trace: ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? tb_port_do_update_credits+0x1b/0x130 ? tb_switch_update_link_attributes+0x83/0xd0 tb_switch_add+0x7a2/0xfe0 tb_scan_port+0x236/0x6f0 tb_handle_hotplug+0x6db/0x900 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 This is due the fact that some Thunderbolt 1 devices only have one lane adapter. Fix this by checking for the lane 1 before we read its credits.

The advisory is available at git.kernel.org. This vulnerability is traded as CVE-2024-27060 since 02/19/2024. The exploitability is told to be difficult. Technical details are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 247359 (Linux Distros Unpatched Vulnerability : CVE-2024-27060), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.7.12 or 6.8 eliminates this vulnerability. Applying the patch ce64ba1f6ec3/d3d17e23d1a0 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (247359) and CERT Bund (WID-SEC-2024-1008). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• Oracle VM
• EMC Avamar
• IBM QRadar SIEM
• Dell NetWorker
• IBM Security Guardium
• RESF Rocky Linux
• Broadcom Brocade SANnav
• Open Source Linux Kernel
• IBM Business Automation Workflow
• IBM Spectrum Protect Plus
• Dell Avamar
• Juniper Junos Space
• IBM DataPower Gateway
• IBM Storage Scale System
• SolarWinds Security Event Manager
• Dell PowerProtect Data Domain
• Dell PowerScale OneFS

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.7.0
• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.4
• 6.7.5
• 6.7.6
• 6.7.7
• 6.7.8
• 6.7.9
• 6.7.10
• 6.7.11

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion