漏洞标题
pds_core:使等待上下文成为q_info的一部分
漏洞描述信息
## 概述
在 Linux 内核中的 `pds_core` 模块中,修复了一个漏洞。该漏洞使得 `wait_context` 成为 `q_info` 结构的一部分,而不是一个在 `pdsc_adminq_post()` 函数结束后消失的栈变量。这样可以确保在等待循环放弃后,上下文仍然可用。
## 细节
在某些情况下,慢速开发固件会导致管理队列请求超时。然而,固件最终完成了请求并发送了中断。处理程序尝试完成在 `pdsc_adminq_post()` 函数中栈上创建但已不存在的完成上下文,从而导致指针错误使用、内核崩溃等严重问题。
## 影响
- **坏指针使用**
- **内核崩溃**
- **系统稳定性问题**
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
释放后使用
漏洞标题
pds_core: make wait_context part of q_info
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved:
pds_core: make wait_context part of q_info
Make the wait_context a full part of the q_info struct rather
than a stack variable that goes away after pdsc_adminq_post()
is done so that the context is still available after the wait
loop has given up.
There was a case where a slow development firmware caused
the adminq request to time out, but then later the FW finally
finished the request and sent the interrupt. The handler tried
to complete_all() the completion context that had been created
on the stack in pdsc_adminq_post() but no longer existed.
This caused bad pointer usage, kernel crashes, and much wailing
and gnashing of teeth.
CVSS信息
N/A
漏洞类别
N/A