| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024071210-CVE-2024-40909-1706@gregkh> Date: Fri, 12 Jul 2024 14:21:27 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() Description =========== In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot. Actually, one of them should be sufficient, so just call one of them instead of both. Also add a WARN_ON() in case of any problematic implementation. The Linux kernel CVE team has assigned CVE-2024-40909 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.26 with commit 876941f533e7 and fixed in 6.6.35 with commit 91cff53136da Issue introduced in 6.9 with commit 1a80dbcb2dba and fixed in 6.9.6 with commit fa97b8fed989 Issue introduced in 6.9 with commit 1a80dbcb2dba and fixed in 6.10-rc3 with commit 2884dc7d08d9 Issue introduced in 6.8.5 with commit 5d8d44777756 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-40909 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/bpf/syscall.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/91cff53136daeff50816b0baeafd38a6976f6209 https://git.kernel.org/stable/c/fa97b8fed9896f1e89cb657513e483a152d4c382 https://git.kernel.org/stable/c/2884dc7d08d98a89d8d65121524bb7533183a63a
Powered by blists - more mailing lists