| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024091109-CVE-2024-45021-68c4@gregkh> Date: Wed, 11 Sep 2024 17:14:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops Description =========== In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). The Linux kernel CVE team has assigned CVE-2024-45021 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 4.19.321 with commit fa5bfdf6cb58 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 5.4.283 with commit 1b37ec85ad95 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 5.10.225 with commit ad149f558534 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 5.15.166 with commit 0fbe2a72e853 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 6.1.107 with commit 43768fa80fd1 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 6.6.48 with commit f1aa7c509aa7 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 6.10.7 with commit 21b578f1d599 Issue introduced in 2.6.34 with commit 0dea116876ee and fixed in 6.11-rc4 with commit 046667c4d319 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-45021 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: mm/memcontrol-v1.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411 https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8 https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227 https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7 https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61 https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
Powered by blists - more mailing lists