CVE-2024-39482

In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:27

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671 - Mailing List, Patch () https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671 - Mailing List, Patch
References () https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b - Mailing List, Patch () https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b - Mailing List, Patch
References () https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 - Mailing List, Patch () https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 - Mailing List, Patch
References () https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 - Mailing List, Patch () https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 - Mailing List, Patch
References () https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148 - Mailing List, Patch () https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148 - Mailing List, Patch
References () https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02 - Mailing List, Patch () https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02 - Mailing List, Patch

08 Jul 2024, 18:00

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671 - () https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671 - Mailing List, Patch
References () https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b - () https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b - Mailing List, Patch
References () https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 - () https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 - Mailing List, Patch
References () https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 - () https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 - Mailing List, Patch
References () https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148 - () https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148 - Mailing List, Patch
References () https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02 - () https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02 - Mailing List, Patch
CWE CWE-770
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Linux
Linux linux Kernel

05 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bcache: corrige el abuso de matriz de longitud variable en btree_iter btree_iter se usa de dos maneras: ya sea asignado en la pila con un tamaño fijo MAX_BSETS, o desde un mempool con un tamaño dinámico basado en el conjunto de caché específico. Anteriormente, la estructura tenía una matriz de longitud fija de tamaño MAX_BSETS que estaba indexada fuera de los límites para los iteradores de tamaño dinámico, lo que provoca que UBSAN se queje. Este parche utiliza el mismo enfoque que en sort_iter de bcachefs y divide el iterador en un btree_iter con un miembro de matriz flexible y un btree_iter_stack que incorpora un btree_iter así como una matriz de datos de longitud fija.

05 Jul 2024, 08:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b -
  • () https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 -

05 Jul 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-05 07:15

Updated : 2024-11-21 09:27


NVD link : CVE-2024-39482

Mitre link : CVE-2024-39482

CVE.ORG link : CVE-2024-39482


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-770

Allocation of Resources Without Limits or Throttling