mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
102 lines
6.6 KiB
JSON
102 lines
6.6 KiB
JSON
|
{
|
||
|
|
"data_version": "4.0",
|
||
|
|
"data_type": "CVE",
|
||
|
|
"data_format": "MITRE",
|
||
|
|
"CVE_data_meta": {
|
||
|
|
"ID": "CVE-2024-57795",
|
||
|
|
"ASSIGNER": "cve@kernel.org",
|
||
|
|
"STATE": "PUBLIC"
|
||
|
|
},
|
||
|
|
"description": {
|
||
|
|
"description_data": [
|
||
|
|
{
|
||
|
|
"lang": "eng",
|
||
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Remove the direct link to net_device\n\nThe similar patch in siw is in the link:\nhttps://git.kernel.org/rdma/rdma/c/16b87037b48889\n\nThis problem also occurred in RXE. The following analyze this problem.\nIn the following Call Traces:\n\"\nBUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782\nRead of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295\n\nCPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted\n6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0\nHardware name: Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nWorkqueue: infiniband ib_cache_event_task\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n dev_get_flags+0x188/0x1d0 net/core/dev.c:8782\n rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60\n __ib_query_port drivers/infiniband/core/device.c:2111 [inline]\n ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143\n ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494\n ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\"\n\n1). In the link [1],\n\n\"\n infiniband syz2: set down\n\"\n\nThis means that on 839.350575, the event ib_cache_event_task was sent andi\nqueued in ib_wq.\n\n2). In the link [1],\n\n\"\n team0 (unregistering): Port device team_slave_0 removed\n\"\n\nIt indicates that before 843.251853, the net device should be freed.\n\n3). In the link [1],\n\n\"\n BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0\n\"\n\nThis means that on 850.559070, this slab-use-after-free problem occurred.\n\nIn all, on 839.350575, the event ib_cache_event_task was sent and queued\nin ib_wq,\n\nbefore 843.251853, the net device veth was freed.\n\non 850.559070, this event was executed, and the mentioned freed net device\nwas called. Thus, the above call trace occurred.\n\n[1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"problemtype": {
|
||
|
|
"problemtype_data": [
|
||
|
|
{
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "eng",
|
||
|
|
"value": "n/a"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"affects": {
|
||
|
|
"vendor": {
|
||
|
|
"vendor_data": [
|
||
|
|
{
|
||
|
|
"vendor_name": "Linux",
|
||
|
|
"product": {
|
||
|
|
"product_data": [
|
||
|
|
{
|
||
|
|
"product_name": "Linux",
|
||
|
|
"version": {
|
||
|
|
"version_data": [
|
||
|
|
{
|
||
|
|
"version_affected": "<",
|
||
|
|
"version_name": "8700e3e7c4857d28ebaa824509934556da0b3e76",
|
||
|
|
"version_value": "9f6f54e6a6863131442b40e14d1792b090c7ce21"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version_value": "not down converted",
|
||
|
|
"x_cve_json_5_version_data": {
|
||
|
|
"versions": [
|
||
|
|
{
|
||
|
|
"version": "4.8",
|
||
|
|
"status": "affected"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "0",
|
||
|
|
"lessThan": "4.8",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "semver"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "6.12.9",
|
||
|
|
"lessThanOrEqual": "6.12.*",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "semver"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "6.13-rc6",
|
||
|
|
"lessThanOrEqual": "*",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "original_commit_for_fix"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"defaultStatus": "affected"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
},
|
||
|
|
"references": {
|
||
|
|
"reference_data": [
|
||
|
|
{
|
||
|
|
"url": "https://git.kernel.org/stable/c/9f6f54e6a6863131442b40e14d1792b090c7ce21",
|
||
|
|
"refsource": "MISC",
|
||
|
|
"name": "https://git.kernel.org/stable/c/9f6f54e6a6863131442b40e14d1792b090c7ce21"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://git.kernel.org/stable/c/2ac5415022d16d63d912a39a06f32f1f51140261",
|
||
|
|
"refsource": "MISC",
|
||
|
|
"name": "https://git.kernel.org/stable/c/2ac5415022d16d63d912a39a06f32f1f51140261"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"generator": {
|
||
|
|
"engine": "bippy-5f407fcff5a0"
|
||
|
|
}
|
||
|
|
}
|