Message-ID: <2024102105-CVE-2024-47676-016b@gregkh>
Date: Mon, 21 Oct 2024 14:00:04 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-47676: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway

Syzbot reports a UAF in hugetlb_fault(). This happens because
vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA
to be freed before hugetlb_vma_unlock_read() is called.

We can fix this by using a modified version of vmf_anon_prepare() that
doesn't release the VMA lock on failure, and then release it ourselves
after hugetlb_vma_unlock_read().

The Linux kernel CVE team has assigned CVE-2024-47676 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.9 with commit 9acad7ba3e25 and fixed in 6.10.13 with commit e897d184a8dd
	Issue introduced in 6.9 with commit 9acad7ba3e25 and fixed in 6.11.2 with commit d59ebc99dee0
	Issue introduced in 6.9 with commit 9acad7ba3e25 and fixed in 6.12-rc1 with commit 98b74bb4d7e9

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-47676
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	mm/hugetlb.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/e897d184a8dd4a4e1f39c8c495598e4d9472776c
	https://git.kernel.org/stable/c/d59ebc99dee0a2687a26df94b901eb8216dbf876
	https://git.kernel.org/stable/c/98b74bb4d7e96b4da5ef3126511febe55b76b807
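
The affected and fixed ranges listed in the advisory above, turned into a check on an upstream kernel release string. This is an added example, not part of the original message or of kernel code; the function names and sample release strings are constructed, and it assumes the string follows upstream numbering (a distribution kernel may carry the fix under an older version number, which this check cannot see).

```python
import platform
import re

# Ranges copied from the advisory for CVE-2024-47676:
# introduced in 6.9; fixed in 6.10.13, 6.11.2 and 6.12-rc1.
INTRODUCED = (6, 9)
FIXED_IN_BRANCH = {(6, 10): 13, (6, 11): 2}  # stable branch -> first fixed patch level
FIXED_MAINLINE = (6, 12)                     # fixed from 6.12-rc1, so all of 6.12 and later

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor), patch)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m[1]), int(m[2])), int(m[3] or 0)


def status(release):
    """Classify an upstream release string against the advisory's ranges."""
    branch, patch = parse_release(release)
    if branch < INTRODUCED:
        return "not affected"   # predates the introducing commit
    if branch >= FIXED_MAINLINE:
        return "fixed"          # fix landed in 6.12-rc1
    if branch in FIXED_IN_BRANCH:
        return "fixed" if patch >= FIXED_IN_BRANCH[branch] else "affected"
    return "affected"           # 6.9.y: the advisory lists no fixed release


if __name__ == "__main__":
    # Constructed sample strings, followed by the running kernel's own release.
    samples = ["6.8.0-45-generic", "6.9.12", "6.10.12-200.fc40.x86_64",
               "6.10.13", "6.11.1", "6.11.2-arch1-1", "6.12.0-rc1"]
    for rel in samples + [platform.release()]:
        try:
            print(f"{rel:28} {status(rel)}")
        except ValueError as exc:
            print(f"{rel:28} {exc}")
```

An "affected" result on a distribution kernel should be confirmed against the vendor's changelog for the fix commits listed in the advisory.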