mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
113 lines
6.2 KiB
JSON
113 lines
6.2 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-58060",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing\n\nThere is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n.\nIn particular, the report is on tcp_congestion_ops that has\na \"struct module *owner\" member.\n\nFor struct_ops that has a \"struct module *owner\" member,\nit can be extended either by the regular kernel module or\nby the bpf_struct_ops. bpf_try_module_get() will be used\nto do the refcounting and different refcount is done\nbased on the owner pointer. When CONFIG_MODULES=n,\nthe btf_id of the \"struct module\" is missing:\n\nWARN: resolve_btfids: unresolved symbol module\n\nThus, the bpf_try_module_get() cannot do the correct refcounting.\n\nNot all subsystem's struct_ops requires the \"struct module *owner\" member.\ne.g. the recent sched_ext_ops.\n\nThis patch is to disable bpf_struct_ops registration if\nthe struct_ops has the \"struct module *\" member and the\n\"struct module\" btf_id is missing. The btf_type_is_fwd() helper\nis moved to the btf.h header file for this test.\n\nThis has happened since the beginning of bpf_struct_ops which has gone\nthrough many changes. The Fixes tag is set to a recent commit that this\npatch can apply cleanly. Considering CONFIG_MODULES=n is not\ncommon and the age of the issue, targeting for bpf-next also."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1611603537a4b88cec7993f32b70c03113801a46",
|
|
"version_value": "b777b14c2a4a4e2322daf8e8ffd42d2b88831b17"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "6.9",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "6.9",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.12.13",
|
|
"lessThanOrEqual": "6.12.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.13.2",
|
|
"lessThanOrEqual": "6.13.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.14-rc1",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8ffd42d2b88831b17",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/b777b14c2a4a4e2322daf8e8ffd42d2b88831b17"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8d60c48ee1a619ce",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/2324fb4e92092837ee278fdd8d60c48ee1a619ce"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/96ea081ed52bf077cad6d00153b6fba68e510767",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/96ea081ed52bf077cad6d00153b6fba68e510767"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-5f407fcff5a0"
|
|
}
|
|
} |