Message-ID: <2024122716-CVE-2024-53172-217d@gregkh>
Date: Fri, 27 Dec 2024 14:52:18 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ubi: fastmap: Fix duplicate slab cache names while attaching

Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when
DEBUG_VM=y"), duplicate slab cache names can be detected and a
kernel WARNING is thrown.
In the UBI fast attaching process, alloc_ai() could be invoked twice
with the same slab cache name 'ubi_aeb_slab_cache', which will trigger
the following warning messages:
 kmem_cache of name 'ubi_aeb_slab_cache' already exists
 WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107
          __kmem_cache_create_args+0x100/0x5f0
 Modules linked in: ubi(+) nandsim [last unloaded: nandsim]
 CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2
 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0
 Call Trace:
   __kmem_cache_create_args+0x100/0x5f0
   alloc_ai+0x295/0x3f0 [ubi]
   ubi_attach+0x3c3/0xcc0 [ubi]
   ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]
   ubi_init+0x3fb/0x800 [ubi]
   do_init_module+0x265/0x7d0
   __x64_sys_finit_module+0x7a/0xc0

The problem could be easily reproduced by loading a UBI device by
fastmap with CONFIG_DEBUG_VM=y.
Fix it by using different slab names for alloc_ai() callers.

The Linux kernel CVE team has assigned CVE-2024-53172 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 4.19.325 with commit ef52b7191ac41e68b1bf070d00c5b04ed16e4920
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.4.287 with commit 871c148f8e0c32e505df9393ba4a303c3c3fe988
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.10.231 with commit 04c0b0f37617099479c34e207c5550d081f585a6
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.15.174 with commit b1ee0aa4945c49cbbd779da81040fcec4de80fd1
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.1.120 with commit 6afdcb285794e75d2c8995e3a44f523c176cc2de
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.6.64 with commit 612824dd0c9465ef365ace38b056c663d110956d
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.11.11 with commit 3d8558135cd56a2a8052024be4073e160f36658c
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.12.2 with commit 7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.13-rc1 with commit bcddf52b7a17adcebc768d26f4e27cf79adb424c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53172
will be updated if fixes are backported; please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/mtd/ubi/attach.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920
	https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988
	https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6
	https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1
	https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de
	https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d
	https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c
	https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
	https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c
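For triage against the "Affected and fixed versions" list above, the following is an added example (not part of the original announcement or of any kernel.org tooling) that classifies an upstream `uname -r` string. The function names and status strings are made up for this example, and it assumes upstream stable version numbering, so a vendor kernel carrying a backported fix under an older version number will be reported as affected.

```python
import re

# Fixed stable releases copied from the "Affected and fixed versions" list:
# branch (major, minor) -> first patch level that carries the fix.
FIXED = {
    (4, 19): 325, (5, 4): 287, (5, 10): 231, (5, 15): 174,
    (6, 1): 120, (6, 6): 64, (6, 11): 11, (6, 12): 2,
}
INTRODUCED = (4, 1)       # "Issue introduced in 4.1"
FIXED_MAINLINE = (6, 13)  # fixed in 6.13-rc1, so all of 6.13 and later has it


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor), patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def triage(release):
    """Return 'not-affected', 'fixed' or 'affected' for an upstream release."""
    branch, patch = parse_release(release)
    if branch < INTRODUCED:
        return "not-affected"      # predates the introducing commit
    if branch >= FIXED_MAINLINE:
        return "fixed"             # mainline fix landed in 6.13-rc1
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    # Branch between 4.1 and 6.12 with no fixed release in the list
    # (for example an end-of-life branch): treat as still affected.
    return "affected"


if __name__ == "__main__":
    # Constructed sample inputs; 6.12.0-rc2 is the release in the trace above.
    for rel in ("4.0.9", "5.19.17", "6.6.63", "6.6.64", "6.12.0-rc2", "6.13.0-rc1"):
        print(f"{rel:12} {triage(rel)}")
```

An "affected" result means the release predates the listed fix; per the description, the warning itself appears when a UBI device is attached by fastmap on a kernel built with CONFIG_DEBUG_VM=y.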
