[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024053033-CVE-2024-36890-b999@gregkh>
Date: Thu, 30 May 2024 17:28:42 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
mm/slab: make __free(kfree) accept error pointers
Currently, if an automatically freed allocation is an error pointer that
will lead to a crash. An example of this is in wm831x_gpio_dbg_show().
171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i);
172 if (IS_ERR(label)) {
173 dev_err(wm831x->dev, "Failed to duplicate label\n");
174 continue;
175 }
The auto clean up function should check for error pointers as well,
otherwise we're going to keep hitting issues like this.
The Linux kernel CVE team has assigned CVE-2024-36890 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.1.79 with commit 3c6cc62ce126 and fixed in 6.1.91 with commit 9f6eb0ab4f95
Issue introduced in 6.5 with commit 54da6a092431 and fixed in 6.6.31 with commit ac6cf3ce9b7d
Issue introduced in 6.5 with commit 54da6a092431 and fixed in 6.8.10 with commit 79cbe0be6c03
Issue introduced in 6.5 with commit 54da6a092431 and fixed in 6.9 with commit cd7eb8f83fcf
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-36890
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
include/linux/slab.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2
https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc
https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543
https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128
Powered by blists - more mailing lists