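Vulnerability Title
media: rkisp1: Fix IRQ disable race issue
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
media: rkisp1: Fix IRQ disable race issue
In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is not the case, as the interrupt handler can already be running, which would lead to the ISP being disabled while the interrupt handler is handling a captured frame.
This brings up two issues: 1) the ISP could be powered off while the interrupt handler is still running and accessing registers, leading to board lockup, and 2) the interrupt handler code and the code that disables the streaming might do things that conflict.
It is not clear to me if 2) causes a real issue, but 1) can be seen with a suitable delay (a printk in my case) in the interrupt handler, leading to board lockup.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Category
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)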
Vulnerability Title
media: rkisp1: Fix IRQ disable race issue
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
media: rkisp1: Fix IRQ disable race issue
In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the
interrupts and then apparently assumes that the interrupt handler won't
be running, and proceeds in the stop procedure. This is not the case, as
the interrupt handler can already be running, which would lead to the
ISP being disabled while the interrupt handler is handling a captured
frame.
This brings up two issues: 1) the ISP could be powered off while the
interrupt handler is still running and accessing registers, leading to
board lockup, and 2) the interrupt handler code and the code that
disables the streaming might do things that conflict.
It is not clear to me if 2) causes a real issue, but 1) can be seen with
a suitable delay (or printk in my case) in the interrupt handler,
leading to board lockup.
CVSS Information
N/A
Vulnerability Category
N/A
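Vulnerability Title
Linux kernel security vulnerability
Vulnerability Description
The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from a race condition in rkisp1_isp_stop() and rkisp1_csi_disable() in media rkisp1.
CVSS Information
N/A
Vulnerability Category
Other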
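The race in the rkisp1 description above, modelled in userspace as an added example (not code from the kernel or from this page): a thread stands in for the interrupt handler, and `struct isp_model`, `stop_stream()` and the loop delay are assumed names and values. The wait marked in the comment is the job `synchronize_irq()` does in a Linux driver.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model (assumed names): one thread plays the interrupt handler. */
struct isp_model {
    atomic_bool irq_masked;  /* mask register: blocks new interrupts only */
    atomic_bool powered;     /* ISP power state */
    atomic_bool in_handler;  /* handler currently executing */
    atomic_int bad_access;   /* register accesses made after power-off */
};

static void *irq_handler(void *arg)
{
    struct isp_model *m = arg;

    atomic_store(&m->in_handler, true);
    for (volatile long i = 0; i < 20000000; i++)
        ;                                /* stands in for the printk delay */
    if (!atomic_load(&m->powered))       /* register access on a dead ISP */
        atomic_fetch_add(&m->bad_access, 1);
    atomic_store(&m->in_handler, false);
    return NULL;
}

/* Stop path; returns how many register accesses hit a powered-off ISP. */
static int stop_stream(bool wait_for_handler)
{
    struct isp_model m = { .powered = true };
    pthread_t irq;

    pthread_create(&irq, NULL, irq_handler, &m);
    while (!atomic_load(&m.in_handler))
        sched_yield();                   /* handler is already in flight */
    atomic_store(&m.irq_masked, true);   /* masking does not stop it */
    while (wait_for_handler && atomic_load(&m.in_handler))
        sched_yield();                   /* in a driver: synchronize_irq() */
    atomic_store(&m.powered, false);     /* power the ISP off */
    pthread_join(irq, NULL);
    return atomic_load(&m.bad_access);
}

int main(void)
{
    printf("mask only:       %d bad access(es)\n", stop_stream(false));
    printf("mask, then wait: %d bad access(es)\n", stop_stream(true));
    return 0;
}
```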