lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2024122719-CVE-2024-53181-9b1e@gregkh>
Date: Fri, 27 Dec 2024 14:52:27 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53181: um: vector: Do not use drvdata in release

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

um: vector: Do not use drvdata in release

The drvdata is not available in release. Let's just use container_of()
to get the vector_device instance. Otherwise, removing a vector device
will result in a crash:

RIP: 0033:vector_device_release+0xf/0x50
RSP: 00000000e187bc40  EFLAGS: 00010202
RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0
RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000
RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70
R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028
R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6
Kernel panic - not syncing: Segfault with no mm
CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1
Workqueue: events mc_work_proc
Stack:
 60028f61 623ae028 e187bc80 60276fcd
 6220b9c0 603f5820 623ae028 00000000
 e187bcb0 603a2bcd 623ae000 62370010
Call Trace:
 [<60028f61>] ? vector_device_release+0x0/0x50
 [<60276fcd>] device_release+0x70/0xba
 [<603a2bcd>] kobject_put+0xba/0xe7
 [<60277265>] put_device+0x19/0x1c
 [<60281266>] platform_device_put+0x26/0x29
 [<60281e5f>] platform_device_unregister+0x2c/0x2e
 [<60029422>] vector_remove+0x52/0x58
 [<60031316>] ? mconsole_reply+0x0/0x50
 [<600310c8>] mconsole_remove+0x160/0x1cc
 [<603b19f4>] ? strlen+0x0/0x15
 [<60066611>] ? __dequeue_entity+0x1a9/0x206
 [<600666a7>] ? set_next_entity+0x39/0x63
 [<6006666e>] ? set_next_entity+0x0/0x63
 [<60038fa6>] ? um_set_signals+0x0/0x43
 [<6003070c>] mc_work_proc+0x77/0x91
 [<60057664>] process_scheduled_works+0x1b3/0x2dd
 [<60055f32>] ? assign_work+0x0/0x58
 [<60057f0a>] worker_thread+0x1e9/0x293
 [<6005406f>] ? set_pf_worker+0x0/0x64
 [<6005d65d>] ? arch_local_irq_save+0x0/0x2d
 [<6005d748>] ? kthread_exit+0x0/0x3a
 [<60057d21>] ? worker_thread+0x0/0x293
 [<6005dbf1>] kthread+0x126/0x12b
 [<600219c5>] new_thread_handler+0x85/0xb6

The Linux kernel CVE team has assigned CVE-2024-53181 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.19.325 with commit 8ed7793f6f589b4e1f0b38f8448578d2a48f9c82
	Fixed in 5.4.287 with commit 376c7f0beb8f6f3800fc3013ef2f422d0cbfbf92
	Fixed in 5.10.231 with commit 35f8f72b45791a6a71b81140c59d02a6183b6f3b
	Fixed in 5.15.174 with commit bef9a2835011668c221851a7572b6c8433087f85
	Fixed in 6.1.120 with commit dc5251b1af5c9a0749322bf58bd5aa673f545fe2
	Fixed in 6.6.64 with commit 8204dd589c4f25a7618eece5da3f0871e02af8ae
	Fixed in 6.11.11 with commit e9d36f7e71a907ec507f84ee5d60a622c345cac4
	Fixed in 6.12.2 with commit 12f52e373d63f008ee386f371bdd82a3a3779199
	Fixed in 6.13-rc1 with commit 51b39d741970742a5c41136241a9c48ac607cf82

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53181
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/um/drivers/vector_kern.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/8ed7793f6f589b4e1f0b38f8448578d2a48f9c82
	https://git.kernel.org/stable/c/376c7f0beb8f6f3800fc3013ef2f422d0cbfbf92
	https://git.kernel.org/stable/c/35f8f72b45791a6a71b81140c59d02a6183b6f3b
	https://git.kernel.org/stable/c/bef9a2835011668c221851a7572b6c8433087f85
	https://git.kernel.org/stable/c/dc5251b1af5c9a0749322bf58bd5aa673f545fe2
	https://git.kernel.org/stable/c/8204dd589c4f25a7618eece5da3f0871e02af8ae
	https://git.kernel.org/stable/c/e9d36f7e71a907ec507f84ee5d60a622c345cac4
	https://git.kernel.org/stable/c/12f52e373d63f008ee386f371bdd82a3a3779199
	https://git.kernel.org/stable/c/51b39d741970742a5c41136241a9c48ac607cf82

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ