| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024091316-CVE-2024-46713-5e49@gregkh> Date: Fri, 13 Sep 2024 16:49:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-46713: perf/aux: Fix AUX buffer serialization Description =========== In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch. The Linux kernel CVE team has assigned CVE-2024-46713 to this issue. Affected and fixed versions =========================== Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 5.10.226 with commit 7882923f1cb8 Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 5.15.167 with commit 52d13d224fdf Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 6.1.110 with commit 9dc7ad2b6777 Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 6.6.51 with commit c4b69bee3f4e Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 6.10.10 with commit b9b6882e243b Issue introduced in 4.1 with commit 45bfb2e50471 and fixed in 6.11-rc7 with commit 2ab9d830262c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-46713 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/events/core.c kernel/events/internal.h kernel/events/ring_buffer.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82 https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370 https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a
Powered by blists - more mailing lists