CVE-2024-46824

In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9 Hardware name: linux,dummy-virt (DT) pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c) pc : 0x0 lr : iommufd_hwpt_invalidate+0xa4/0x204 sp : ffff800080f3bcc0 x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0 x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000 x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002 x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80 Call trace: 0x0 iommufd_fops_ioctl+0x154/0x274 __arm64_sys_ioctl+0xac/0xf0 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xb4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 All existing drivers implement this op for nesting, this is mostly a bisection aid.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

02 Oct 2024, 14:29

Type Values Removed Values Added
CWE CWE-476
First Time Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520 - () https://git.kernel.org/stable/c/89827a4de802765b1ebb401fc1e73a90108c7520 - Patch
References () https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47 - () https://git.kernel.org/stable/c/a11dda723c6493bb1853bbc61c093377f96e2d47 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommufd: Requiere que los controladores proporcionen las operaciones cache_invalidate_user Si los controladores no hacen esto, iommufd oops invalidará los ioctls con algo como: No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0000000000000000 Información de aborto de memoria: ESR = 0x0000000086000004 EC = 0x21: IABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: error de traducción de nivel 0 pgtable de usuario: 4k páginas, VA de 48 bits, pgdp=0000000101059000 [000000000000000] pgd=0000000000000000, p4d=0000000000000000 Error interno: Oops: 0000000086000004 [#1] PREEMPT Módulos SMP vinculados: CPU: 2 PID: 371 Comm: qemu-system-aar No contaminado 6.8.0-rc7-gde77230ac23a #9 Nombre del hardware: linux,dummy-virt (DT) pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c) pc : 0x0 lr : iommufd_hwpt_invalidate+0xa4/0x204 sp : ffff800080f3bcc0 x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000 x26: 0000000000000000 x25: 00000000000000000 x24: 0000000000000000 x23: 000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0 x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000 x17: 00000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 000000000000000 x9: 000000000000000 x8: 0000001000000002 x7: 0000fffeac1ec950 x6: 0000000000000000 x5: ffff800080f3bd78 x4: 0000000000000003 x3: 0000000000000002 x2: 0000000000000000 x1: ffff800080f3bcc8 x0: ffff0000c6034d80 Rastreo de llamadas: 0x0 iommufd_fops_ioctl+0x154/0x274 __arm64_sys_ioctl+0xac/0xf0 anybody_syscall+0x48/0x110 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xb4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 Todos los controladores existentes implementan esta operación para anidamiento, esto es principalmente una ayuda de bisección.

27 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 13:15

Updated : 2024-10-02 14:29


NVD link : CVE-2024-46824

Mitre link : CVE-2024-46824

CVE.ORG link : CVE-2024-46824


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference