CVE-2024-41083

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41083
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid Fix netfs_page_mkwrite() to check that folio->mapping is valid once it has taken the folio lock (as filemap_page_mkwrite() does). Without this, generic/247 occasionally oopses with something like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0 ... Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x6e/0xa0 ? exc_page_fault+0xc2/0xe0 ? asm_exc_page_fault+0x22/0x30 ? trace_event_raw_event_netfs_folio+0x61/0xc0 trace_netfs_folio+0x39/0x40 netfs_page_mkwrite+0x14c/0x1d0 do_page_mkwrite+0x50/0x90 do_pte_missing+0x184/0x200 __handle_mm_fault+0x42d/0x500 handle_mm_fault+0x121/0x1f0 do_user_addr_fault+0x23e/0x3c0 exc_page_fault+0xc2/0xe0 asm_exc_page_fault+0x22/0x30 This is due to the invalidate_inode_pages2_range() issued at the end of the DIO write interfering with the mmap'd writes.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 Patch
https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 Patch
https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 Patch
https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:32

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 - Patch () https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 - Patch
References () https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 - Patch () https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 - Patch

26 Aug 2024, 14:23

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfs: corrija netfs_page_mkwrite() para verificar que folio-&gt;mapping sea válido. Corrija netfs_page_mkwrite() para verificar que folio-&gt;mapping sea válido una vez que haya tomado el bloqueo de folio (como filemap_page_mkwrite( ) hace). Sin esto, generic/247 ocasionalmente falla con algo como lo siguiente: ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - página no presente RIP: 0010:trace_event_raw_event_netfs_folio +0x61/0xc0... Seguimiento de llamadas: ? __die_body+0x1a/0x60 ? page_fault_oops+0x6e/0xa0? exc_page_fault+0xc2/0xe0? asm_exc_page_fault+0x22/0x30? trace_event_raw_event_netfs_folio+0x61/0xc0 trace_netfs_folio+0x39/0x40 netfs_page_mkwrite+0x14c/0x1d0 do_page_mkwrite+0x50/0x90 do_pte_missing+0x184/0x200 __handle_mm_fault+0x42d/0x500 _fault+0x121/0x1f0 do_user_addr_fault+0x23e/0x3c0 exc_page_fault+0xc2/0xe0 asm_exc_page_fault+0x22/0x30 Esto se debe a que invalidate_inode_pages2_range() emitido al final de la escritura DIO interfiere con las escrituras mmap.
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-476
References () https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 - () https://git.kernel.org/stable/c/3473eb87afd402e415a8ca885b284ea0420dde25 - Patch
References () https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 - () https://git.kernel.org/stable/c/a81c98bfa40c11f8ea79b5a9b3f5fda73bfbb4d2 - Patch
First Time Linux
Linux linux Kernel

29 Jul 2024, 16:21

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-29 16:15

Updated : 2024-11-21 09:32

NVD link : CVE-2024-41083

Mitre link : CVE-2024-41083

CVE.ORG link : CVE-2024-41083

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024