### [CVE-2024-57885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57885)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3a6f33d86baa8103c80f62edd9393e9f7bf25d72%3C%2086d946f3f9992aaa12abcfd09f925446c2cd42a2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:mm/kmemleak: fix sleeping function called from invalid context at print messageAddress a bug in the kernel that triggers a "sleeping function called frominvalid context" warning when /sys/kernel/debug/kmemleak is printed underspecific conditions:- CONFIG_PREEMPT_RT=y- Set SELinux as the LSM for the system- Set kptr_restrict to 1- kmemleak buffer contains at least one itemBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: catpreempt_count: 1, expected: 0RCU nest depth: 2, expected: 26 locks held by cat/136: #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0irq event stamp: 136660hardirqs last  enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0softirqs last  enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8softirqs last disabled at (0): [<0000000000000000>] 0x0Preemption disabled at:[<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G            E      6.11.0-rt7+ #34Tainted: [E]=UNSIGNED_MODULEHardware name: linux,dummy-virt (DT)Call trace: dump_backtrace+0xa0/0x128 show_stack+0x1c/0x30 dump_stack_lvl+0xe8/0x198 dump_stack+0x18/0x20 rt_spin_lock+0x8c/0x1a8 avc_perm_nonode+0xa0/0x150 cred_has_capability.isra.0+0x118/0x218 selinux_capable+0x50/0x80 security_capable+0x7c/0xd0 has_ns_capability_noaudit+0x94/0x1b0 has_capability_noaudit+0x20/0x30 restricted_pointer+0x21c/0x4b0 pointer+0x298/0x760 vsnprintf+0x330/0xf70 seq_printf+0x178/0x218 print_unreferenced+0x1a4/0x2d0 kmemleak_seq_show+0xd0/0x1e0 seq_read_iter+0x354/0xe30 seq_read+0x250/0x378 full_proxy_read+0xd8/0x148 vfs_read+0x190/0x918 ksys_read+0xf0/0x1e0 __arm64_sys_read+0x70/0xa8 invoke_syscall.constprop.0+0xd4/0x1d8 el0_svc+0x50/0x158 el0t_64_sync+0x17c/0x180%pS and %pK, in the same back trace line, are redundant, and %pS can void%pK service in certain contexts.%pS alone already provides the necessary information, and if it cannotresolve the symbol, it falls back to printing the raw address voidingthe original intent behind the %pK.Additionally, %pK requires a privilege check CAP_SYSLOG enforced throughthe LSM, which can trigger a "sleeping function called from invalidcontext" warning under RT_PREEMPT kernels when the check occurs in anatomic context. This issue may also affect other LSMs.This change avoids the unnecessary privilege check and resolves thesleeping function warning without any loss of information.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/oogasawa/Utility-security