[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024110558-CVE-2024-50133-3d60@gregkh>
Date: Tue, 5 Nov 2024 18:11:22 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-50133: LoongArch: Don't crash in stack_top() for tasks without vDSO
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Don't crash in stack_top() for tasks without vDSO
Not all tasks have a vDSO mapped, for example kthreads never do. If such
a task ever ends up calling stack_top(), it will derefence the NULL vdso
pointer and crash.
This can for example happen when using kunit:
[<9000000000203874>] stack_top+0x58/0xa8
[<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220
[<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c
[<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c
[<90000000003c2704>] kunit_vm_mmap+0x88/0xc8
[<9000000000410b14>] usercopy_test_init+0xbc/0x25c
[<90000000003c1db4>] kunit_try_run_case+0x5c/0x184
[<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48
[<900000000022e4bc>] kthread+0xc8/0xd4
[<9000000000200ce8>] ret_from_kernel_thread+0xc/0xa4
The Linux kernel CVE team has assigned CVE-2024-50133 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.19 with commit 803b0fc5c3f2 and fixed in 6.1.115 with commit a67d4a02bf43
Issue introduced in 5.19 with commit 803b0fc5c3f2 and fixed in 6.6.59 with commit a94c197d4d74
Issue introduced in 5.19 with commit 803b0fc5c3f2 and fixed in 6.11.6 with commit 041cc3860b06
Issue introduced in 5.19 with commit 803b0fc5c3f2 and fixed in 6.12-rc5 with commit 134475a9ab84
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-50133
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/loongarch/kernel/process.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/a67d4a02bf43e15544179895ede7d5f97b84b550
https://git.kernel.org/stable/c/a94c197d4d749954dfaa37e907fcc8c04e4aad7e
https://git.kernel.org/stable/c/041cc3860b06770357876d1114d615333b0fbf31
https://git.kernel.org/stable/c/134475a9ab8487527238d270639a8cb74c10aab2
Powered by blists - more mailing lists