CVE-2024-42254

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace: <TASK> io_put_bl io_uring/kbuf.c:378 [inline] io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d	Patch
https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:6.10:-::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc7::::::

History

06 Sep 2024, 13:40

Type	Values Removed	Values Added
CWE		CWE-476
References	~~() https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d -~~	() https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d - Patch
References	~~() https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e -~~	() https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:-:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc7::::::

08 Aug 2024, 13:04

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: io_uring: corrige el error pbuf comprobando Syz informa un problema, que se reduce a un manejo inconsistente de errores NULL vs IS_ERR en io_alloc_pbuf_ring(). KASAN: null-ptr-deref en el rango [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Seguimiento de llamadas: io_put_bl io_uring/kbuf.c:378 línea] io_destroy_buffers+0x14e /0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 Process_one_work kernel/workqueue.c:3231 [en línea] Núcleo 0xa2c/0x1830 /workqueue.c:3312 trabajador_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/ 0x30 arco/x86/entrada/entry_64.S:244

08 Aug 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-08 09:15

Updated : 2024-09-06 13:40

NVD link : CVE-2024-42254

Mitre link : CVE-2024-42254

CVE.ORG link : CVE-2024-42254

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10