nvd-json-data-feeds/CVE-2024/CVE-2024-500xx/CVE-2024-50067.json

{
  "id": "CVE-2024-50067",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-10-28T01:15:02.930",
  "lastModified": "2024-12-11T15:15:10.943",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won't check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include <stdio.h>\n\\#include <stdlib.h>\n\\#include <string.h>\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n    int i;\n    for (i = 0; i < n; ++i)\n    {\n        char c = i % 26 + 'a';\n        str[i] = c;\n    }\n    str[n-1] = '\\0';\n}\n\nvoid print_string(char *str)\n{\n    printf(\"%s\\n\", str);\n}\n\nint main()\n{\n    char tmp[STRLEN];\n\n    generate_string(tmp, STRLEN);\n    print_string(tmp);\n\n    return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g     F .text  000000000000001b              print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n > uprobe_events\necho 1 > events/uprobes/enable\necho 1 > tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nThis commit enforces the buffer's maxlen less than a page-size to avoid
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uprobe: evitar el acceso a memoria fuera de los l\u00edmites para obtener argumentos. Uprobe necesita obtener argumentos en un b\u00fafer por CPU y luego copiarlos en el b\u00fafer de anillo para evitar problemas de contexto no at\u00f3mico. A veces, las cadenas y matrices del espacio de usuario pueden ser muy grandes, pero el tama\u00f1o del b\u00fafer por CPU es solo el tama\u00f1o de la p\u00e1gina. Y store_trace_args() no verificar\u00e1 si estos datos exceden una sola p\u00e1gina o no, lo que provoc\u00f3 un acceso a memoria fuera de los l\u00edmites. Se puede reproducir siguiendo los pasos: 1. compilar el kernel con CONFIG_KASAN habilitado 2. guardar el siguiente programa como test.c ``` \\#include  \\#include  \\#include  // Si la longitud de la cadena es mayor que MAX_STRING_SIZE, fetch_store_strlen() // devolver\u00e1 0, lo que har\u00e1 que __get_data_size() devuelva un tama\u00f1o menor y // store_trace_args() no active el acceso fuera de los l\u00edmites. // Entonces haga que la longitud de la cadena sea menor que 4096. \\#define STRLEN 4093 void generate_string(char *str, int n) { int i; for (i = 0; i &lt; n; ++i) { char c = i % 26 + 'a'; str[i] = c; } str[n-1] = '\\0'; } void print_string(char *str) { printf(\"%s\\n\", str); } int main() { char tmp[STRLEN]; generate_string(tmp, STRLEN); print_string(tmp); return 0; } ``` 3. compilar el programa `gcc -o test test.c` 4. obtener el desplazamiento de `print_string()` ``` objdump -t test | grep -w print_string 0000000000401199 g F .text 000000000000001b print_string ``` 5. configure uprobe con desplazamiento 0x1199 ``` off=0x1199 cd /sys/kernel/debug/tracing/ echo \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\" &gt; uprobe_events echo 1 &gt; events/uprobes/enable echo 1 &gt; tracing_on ``` 6. ejecute `test` y kasan informar\u00e1 el error. ===================================================================== ERROR: KASAN: use-after-free en strncpy_from_user+0x1d6/0x1f0 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88812311c004 por la tarea test/499CPU: 0 UID: 0 PID: 499 Comm: test No contaminado 6.12.0-rc3+ #18 Nombre del hardware: Red Hat KVM, BIOS 1.16.0-4.al8 01/04/2014 Rastreo de llamadas:  dump_stack_lvl+0x55/0x70 descripci\u00f3n_direcci\u00f3n_impresi\u00f3n.constprop.0+0x27/0x310 informe_kasan+0x10f/0x120 ? strncpy_desde_usuario+0x1d6/0x1f0 strncpy_desde_usuario+0x1d6/0x1f0 ? rmqueue.constprop.0+0x70d/0x2ad0 inserci\u00f3n_obtenci\u00f3n_proceso+0xb26/0x1470 ? __pfx_instrucci\u00f3n_obtenci\u00f3n_proceso+0x10/0x10 ? _bloqueo_giro_sin_procesamiento+0x85/0xe0 ? __pfx__bloqueo_giro_sin_procesamiento+0x10/0x10 ? __pte_offset_map+0x1f/0x2d0 ? desenrollar_siguiente_fotograma+0xc5f/0x1f80 ? arch_stack_walk+0x68/0xf0 ? is_bpf_text_address+0x23/0x30 ? kernel_text_address.part.0+0xbb/0xd0 ? __kernel_text_address+0x66/0xb0 ? unwind_get_return_address+0x5e/0xa0 ? __pfx_stack_trace_consume_entry+0x10/0x10 ? arch_stack_walk+0xa2/0xf0 ? _raw_spin_lock_irqsave+0x8b/0xf0 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? depot_alloc_stack+0x4c/0x1f0 ? __pfx_uprobe_dispatcher+0x10/0x10 ? __kasan_slab_alloc+0x4d/0x90 handler_chain+0xdd/0x3e0 handle_swbp+0x26e/0x3d0 ? __pfx_handle_swbp+0x10/0x10 ? uprobe_pre_sstep_notifier+0x151/0x1b0 irqentry_exit_to_user_mode+0xe2/0x1b0 asm_exc_int3+0x39/0x40 RIP: 0033:0x401199 C\u00f3digo: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce RSP: 002b:00007ffdf00576a8 EFLAGS: 00000206 RAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2 RDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0 RBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20 R10: 000000000000001 R11: 0000000000000202 R12: 0000000000401040 R13: 00007ffdf0058780 R14: 00000000000000000 R15: 0000000000000000  Esta confirmaci\u00f3n hace que la longitud m\u00e1xima del b\u00fafer sea menor que el tama\u00f1o de una p\u00e1gina para evitar el acceso fuera de memoria a st
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      },
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.14",
              "versionEndExcluding": "6.12",
              "matchCriteriaId": "8F4406AF-A340-4EB4-9920-E502C2DA6CCC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/537ad4a431f6dddbf15d40d19f24bb9ee12b55cb",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://git.kernel.org/stable/c/9e5f93788c9dd4309e75a56860a1ac44a8e117b9",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ]
    }
  ]
}
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`{`
			`"id": "CVE-2024-50067",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-10-28T01:15:02.930",`
Auto-Update: 2024-12-11T17:00:38.499974+00:00 2024-12-11 17:04:01 +00:00			`"lastModified": "2024-12-11T15:15:10.943",`
Auto-Update: 2024-11-17T17:00:19.710011+00:00 2024-11-17 17:03:22 +00:00			`"vulnStatus": "Modified",`
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won't check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include <stdio.h>\n\\#include <stdlib.h>\n\\#include <string.h>\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char str, int n)\n{\n int i;\n for (i = 0; i < n; ++i)\n {\n char c = i % 26 + 'a';\n str[i] = c;\n }\n str[n-1] = '\\0';\n}\n\nvoid print_string(char str)\n{\n printf(\"%s\\n\", str);\n}\n\nint main()\n{\n char tmp[STRLEN];\n\n generate_string(tmp, STRLEN);\n print_string(tmp);\n\n return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test \| grep -w print_string\n0000000000401199 g F .text 000000000000001b print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n > uprobe_events\necho 1 > events/uprobes/enable\necho 1 > tracing_on\n```\n\n6. run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nThis commit enforces the buffer's maxlen less than a page-size to avoid
Auto-Update: 2024-10-28T15:01:19.649534+00:00 2024-10-28 15:04:19 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uprobe: evitar el acceso a memoria fuera de los l\u00edmites para obtener argumentos. Uprobe necesita obtener argumentos en un b\u00fafer por CPU y luego copiarlos en el b\u00fafer de anillo para evitar problemas de contexto no at\u00f3mico. A veces, las cadenas y matrices del espacio de usuario pueden ser muy grandes, pero el tama\u00f1o del b\u00fafer por CPU es solo el tama\u00f1o de la p\u00e1gina. Y store_trace_args() no verificar\u00e1 si estos datos exceden una sola p\u00e1gina o no, lo que provoc\u00f3 un acceso a memoria fuera de los l\u00edmites. Se puede reproducir siguiendo los pasos: 1. compilar el kernel con CONFIG_KASAN habilitado 2. guardar el siguiente programa como test.c ``` \\#include \\#include \\#include // Si la longitud de la cadena es mayor que MAX_STRING_SIZE, fetch_store_strlen() // devolver\u00e1 0, lo que har\u00e1 que __get_data_size() devuelva un tama\u00f1o menor y // store_trace_args() no active el acceso fuera de los l\u00edmites. // Entonces haga que la longitud de la cadena sea menor que 4096. \\#define STRLEN 4093 void generate_string(char str, int n) { int i; for (i = 0; i < n; ++i) { char c = i % 26 + 'a'; str[i] = c; } str[n-1] = '\\0'; } void print_string(char str) { printf(\"%s\\n\", str); } int main() { char tmp[STRLEN]; generate_string(tmp, STRLEN); print_string(tmp); return 0; } ``` 3. compilar el programa `gcc -o test test.c` 4. obtener el desplazamiento de `print_string()` ``` objdump -t test \| grep -w print_string 0000000000401199 g F .text 000000000000001b print_string ``` 5. configure uprobe con desplazamiento 0x1199 ``` off=0x1199 cd /sys/kernel/debug/tracing/ echo \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\" > uprobe_events echo 1 > events/uprobes/enable echo 1 > tracing_on ``` 6. ejecute `test` y kasan informar\u00e1 el error. ===================================================================== ERROR: KASAN: use-after-free en strncpy_from_user+0x1d6/0x1f0 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88812311c004 por la tarea test/499CPU: 0 UID: 0 PID: 499 Comm: test No contaminado 6.12.0-rc3+ #18 Nombre del hardware: Red Hat KVM, BIOS 1.16.0-4.al8 01/04/2014 Rastreo de llamadas: dump_stack_lvl+0x55/0x70 descripci\u00f3n_direcci\u00f3n_impresi\u00f3n.constprop.0+0x27/0x310 informe_kasan+0x10f/0x120 ? strncpy_desde_usuario+0x1d6/0x1f0 strncpy_desde_usuario+0x1d6/0x1f0 ? rmqueue.constprop.0+0x70d/0x2ad0 inserci\u00f3n_obtenci\u00f3n_proceso+0xb26/0x1470 ? __pfx_instrucci\u00f3n_obtenci\u00f3n_proceso+0x10/0x10 ? _bloqueo_giro_sin_procesamiento+0x85/0xe0 ? __pfx__bloqueo_giro_sin_procesamiento+0x10/0x10 ? __pte_offset_map+0x1f/0x2d0 ? desenrollar_siguiente_fotograma+0xc5f/0x1f80 ? arch_stack_walk+0x68/0xf0 ? is_bpf_text_address+0x23/0x30 ? kernel_text_address.part.0+0xbb/0xd0 ? __kernel_text_address+0x66/0xb0 ? unwind_get_return_address+0x5e/0xa0 ? __pfx_stack_trace_consume_entry+0x10/0x10 ? arch_stack_walk+0xa2/0xf0 ? _raw_spin_lock_irqsave+0x8b/0xf0 ? __pfx__raw_spin_lock_irqsave+0x10/0x10 ? depot_alloc_stack+0x4c/0x1f0 ? __pfx_uprobe_dispatcher+0x10/0x10 ? __kasan_slab_alloc+0x4d/0x90 handler_chain+0xdd/0x3e0 handle_swbp+0x26e/0x3d0 ? __pfx_handle_swbp+0x10/0x10 ? uprobe_pre_sstep_notifier+0x151/0x1b0 irqentry_exit_to_user_mode+0xe2/0x1b0 asm_exc_int3+0x39/0x40 RIP: 0033:0x401199 C\u00f3digo: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce RSP: 002b:00007ffdf00576a8 EFLAGS: 00000206 RAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2 RDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0 RBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20 R10: 000000000000001 R11: 0000000000000202 R12: 0000000000401040 R13: 00007ffdf0058780 R14: 00000000000000000 R15: 0000000000000000 Esta confirmaci\u00f3n hace que la longitud m\u00e1xima del b\u00fafer sea menor que el tama\u00f1o de una p\u00e1gina para evitar el acceso fuera de memoria a st
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`}`
			`],`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
Auto-Update: 2024-12-11T17:00:38.499974+00:00 2024-12-11 17:04:01 +00:00			`},`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-787"`
			`}`
			`]`
Auto-Update: 2024-12-11T17:00:38.499974+00:00 2024-12-11 17:04:01 +00:00			`},`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-416"`
			`}`
			`]`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
Auto-Update: 2024-11-04T19:00:20.374735+00:00 2024-11-04 19:03:21 +00:00			`"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`"versionStartIncluding": "3.14",`
			`"versionEndExcluding": "6.12",`
Auto-Update: 2024-11-04T19:00:20.374735+00:00 2024-11-04 19:03:21 +00:00			`"matchCriteriaId": "8F4406AF-A340-4EB4-9920-E502C2DA6CCC"`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::",`
			`"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::",`
			`"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::",`
			`"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::",`
			`"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`"references": [`
Auto-Update: 2024-11-17T17:00:19.710011+00:00 2024-11-17 17:03:22 +00:00			`{`
			`"url": "https://git.kernel.org/stable/c/0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`{`
			`"url": "https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e",`
Auto-Update: 2024-10-29T17:00:30.149051+00:00 2024-10-29 17:03:29 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-11-04T13:00:25.067046+00:00 2024-11-04 13:03:25 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/537ad4a431f6dddbf15d40d19f24bb9ee12b55cb",`
Auto-Update: 2024-11-04T19:00:20.374735+00:00 2024-11-04 19:03:21 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-11-04T13:00:25.067046+00:00 2024-11-04 13:03:25 +00:00			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/9e5f93788c9dd4309e75a56860a1ac44a8e117b9",`
Auto-Update: 2024-11-04T19:00:20.374735+00:00 2024-11-04 19:03:21 +00:00			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"tags": [`
			`"Patch"`
			`]`
Auto-Update: 2024-10-28T03:00:18.495506+00:00 2024-10-28 03:03:22 +00:00			`}`
			`]`
			`}`