admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/36xxx/CVE-2024-36892.json

102 lines
6.5 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2024-05-30 16:00:35 +00:00
{
"-Synchronized-Data."
2024-11-05 10:03:14 +00:00
"data_version": "4.0",
"-Synchronized-Data."
2024-05-30 16:00:35 +00:00
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-36892",
"-Synchronized-Data."
2024-11-05 10:03:14 +00:00
"ASSIGNER": "cve@kernel.org",
"STATE": "PUBLIC"
"-Synchronized-Data."
2024-05-30 16:00:35 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2024-11-05 10:03:14 +00:00
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid zeroing outside-object freepointer for single free\n\nCommit 284f17ac13fe (\"mm/slub: handle bulk and single object freeing\nseparately\") splits single and bulk object freeing in two functions\nslab_free() and slab_free_bulk() which leads slab_free() to call\nslab_free_hook() directly instead of slab_free_freelist_hook().\n\nIf `init_on_free` is set, slab_free_hook() zeroes the object.\nAfterward, if `slub_debug=F` and `CONFIG_SLAB_FREELIST_HARDENED` are\nset, the do_slab_free() slowpath executes freelist consistency\nchecks and try to decode a zeroed freepointer which leads to a\n\"Freepointer corrupt\" detection in check_object().\n\nDuring bulk free, slab_free_freelist_hook() isn't affected as it always\nsets it objects freepointer using set_freepointer() to maintain its\nreconstructed freelist after `init_on_free`.\n\nFor single free, object's freepointer thus needs to be avoided when\nstored outside the object if `init_on_free` is set. The freepointer left\nas is, check_object() may later detect an invalid pointer value due to\nobjects overflow.\n\nTo reproduce, set `slub_debug=FU init_on_free=1 log_level=7` on the\ncommand line of a kernel build with `CONFIG_SLAB_FREELIST_HARDENED=y`.\n\ndmesg sample log:\n[ 10.708715] =============================================================================\n[ 10.710323] BUG kmalloc-rnd-05-32 (Tainted: G B T ): Freepointer corrupt\n[ 10.712695] -----------------------------------------------------------------------------\n[ 10.712695]\n[ 10.712695] Slab 0xffffd8bdc400d580 objects=32 used=4 fp=0xffff9d9a80356f80 flags=0x200000000000a00(workingset|slab|node=0|zone=2)\n[ 10.716698] Object 0xffff9d9a80356600 @offset=1536 fp=0x7ee4f480ce0ecd7c\n[ 10.716698]\n[ 10.716698] Bytes b4 ffff9d9a803565f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035666c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035667c: 00 00 00 00 ....\n[ 10.724696] FIX kmalloc-rnd-05-32: Object at 0xffff9d9a80356600 not freed"
"-Synchronized-Data."
2024-05-30 16:00:35 +00:00
}
]
"-Synchronized-Data."
2024-11-05 10:03:14 +00:00
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "284f17ac13fe",
"version_value": "56900355485f"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.8",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb"
},
{
"url": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd"
}
]
},
"generator": {
"engine": "bippy-9e1c9544281a"
"-Synchronized-Data."
2024-05-30 16:00:35 +00:00
}
}
Reference in New Issue Copy Permalink