CVE-2024-38569

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the event_group array. If the number of events in an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write overflow of event_group array occurs. Add array index check to fix the possible array out of bounds violation, and return directly when write new events are written to array bounds. There are 9 different events in an event_group. [1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}'
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:26

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9 - Patch () https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9 - Patch
References () https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220 - Patch () https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220 - Patch
References () https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b - Patch () https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b - Patch
References () https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0 - Patch () https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0 - Patch
References () https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78 - Patch () https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78 - Patch

19 Sep 2024, 13:23

Type Values Removed Values Added
CWE CWE-129
First Time Linux
Linux linux Kernel
References () https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9 - () https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9 - Patch
References () https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220 - () https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220 - Patch
References () https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b - () https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b - Patch
References () https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0 - () https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0 - Patch
References () https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78 - () https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi_pcie: corrige el acceso fuera de los límites cuando el grupo de eventos es válido. La herramienta perf permite a los usuarios crear grupos de eventos mediante el siguiente cmd [1], pero el controlador no compruebe si el índice de la matriz está fuera de los límites al escribir datos en la matriz event_group. Si el número de eventos en un event_group es mayor que HISI_PCIE_MAX_COUNTERS, se produce un desbordamiento de escritura en la memoria de la matriz event_group. Agregue la verificación del índice de la matriz para corregir la posible infracción de la matriz fuera de los límites y regrese directamente cuando se escriban nuevos eventos en los límites de la matriz. Hay 9 eventos diferentes en un grupo de eventos. [1] estadística de rendimiento -e '{pmu/event1/, ...,pmu/event9/}'

19 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-19 14:15

Updated : 2024-11-21 09:26


NVD link : CVE-2024-38569

Mitre link : CVE-2024-38569

CVE.ORG link : CVE-2024-38569


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index