CVE-2024-26731

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference issue [1]: BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace: <TASK> sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230 unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 If sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called concurrently, psock->saved_data_ready can be NULL, causing the above issue. This patch fixes this issue by calling the appropriate data ready function using the sk_psock_data_ready() helper and protecting it from concurrency with sk->sk_callback_lock.
Configurations

No configuration.

History

06 Nov 2024, 22:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-476
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf, sockmap: corrigió la desreferencia del puntero NULL en sk_psock_verdict_data_ready() syzbot informó el siguiente problema de desreferencia del puntero NULL [1]: ERROR: desreferencia del puntero NULL del kernel, dirección: 0000000000000000 [... ] RIP: 0010:0x0 [...] Seguimiento de llamadas: sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230 unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293 sock_sendmsg_nosec net/socket. c:730 [en línea] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en línea] __sys_sendmsg+0x2b0/0x3a0 net /socket. c:2667 do_syscall_64+0xf9/0x240 Entry_SYSCALL_64_after_hwframe+0x6f/0x77 Si sk_psock_verdict_data_ready() y sk_psock_stop_verdict() se llaman simultáneamente, psock-&gt;saved_data_ready puede ser NULL, causando el problema anterior. Este parche soluciona este problema llamando a la función de preparación de datos adecuada utilizando el asistente sk_psock_data_ready() y protegiéndola de la concurrencia con sk-&gt;sk_callback_lock.

03 Apr 2024, 17:24

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-03 17:15

Updated : 2024-11-06 22:35


NVD link : CVE-2024-26731

Mitre link : CVE-2024-26731

CVE.ORG link : CVE-2024-26731


JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference