CVE-2024-41085

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-41085
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address: 0000000000000078 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x82/0x160 ? do_user_addr_fault+0x65/0x6b0 ? exc_page_fault+0x7d/0x170 ? asm_exc_page_fault+0x26/0x30 ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem] ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem] cxl_bus_probe+0x1b/0x60 [cxl_core] really_probe+0x173/0x410 ? __pfx___device_attach_driver+0x10/0x10 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x90/0x120 bus_for_each_drv+0x84/0xe0 __device_attach+0xbc/0x1f0 bus_probe_device+0x90/0xa0 device_add+0x51c/0x710 devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core] cxl_bus_probe+0x1b/0x60 [cxl_core] The cxl_nvd of the memdev needs to be available during the pmem region probe. Currently the cxl_nvd is registered after the endpoint port probe. The endpoint probe, in the case of autoassembly of regions, can cause a pmem region probe requiring the not yet available cxl_nvd. Adjust the sequence so this dependency is met. This requires adding a port parameter to cxl_find_nvdimm_bridge() that can be used to query the ancestor root port. The endpoint port is not yet available, but will share a common ancestor with its parent, so start the query from there instead.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600 Patch
https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

22 Aug 2024, 13:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/mem: no se corrige cxl_nvd durante el autoensamblaje de la región pmem. Cuando el subsistema CXL ensambla automáticamente una región pmem durante el sondeo del puerto del endpoint cxl, presione siempre debajo de calltrace. ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000078 #PF: acceso de lectura del supervisor en modo kernel #PF: código_error(0x0000) - página no presente RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem] Seguimiento de llamadas: ? __morir+0x24/0x70 ? page_fault_oops+0x82/0x160? do_user_addr_fault+0x65/0x6b0? exc_page_fault+0x7d/0x170? asm_exc_page_fault+0x26/0x30? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem] ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem] cxl_bus_probe+0x1b/0x60 [cxl_core] really_probe+0x173/0x410? __pfx___device_attach_driver+0x10/0x10 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x90/0x120 bus_for_each_drv+0x84/0xe0 __device_attach+0xbc/0x1f0 be_device+0x90/0xa0 device_add+0x51c/0x710 devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core] cxl_bus_probe+ 0x1b/0x60 [cxl_core] El cxl_nvd de memdev debe estar disponible durante el sondeo de la región pmem. Actualmente, cxl_nvd está registrado después de la sonda del puerto del endpoint. La sonda de endpoint, en el caso de autoensamblaje de regiones, puede provocar una sonda de región pmem que requiera el cxl_nvd aún no disponible. Ajuste la secuencia para que se cumpla esta dependencia. Esto requiere agregar un parámetro de puerto a cxl_find_nvdimm_bridge() que se puede usar para consultar el puerto raíz ancestro. El puerto del endpoint aún no está disponible, pero compartirá un ancestro común con su padre, así que inicie la consulta desde allí.
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600 - () https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600 - Patch
References () https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96 - () https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96 - Patch
First Time Linux
Linux linux Kernel
CWE CWE-476

29 Jul 2024, 16:21

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-29 16:15

Updated : 2024-08-22 13:16

NVD link : CVE-2024-41085

Mitre link : CVE-2024-41085

CVE.ORG link : CVE-2024-41085

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference