| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122918-CVE-2024-56709-655c@gregkh> Date: Sun, 29 Dec 2024 09:42:19 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56709: io_uring: check if iowq is killed before queuing Description =========== In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq being already killed and null'ed, which is a problem if it then tries to forward the request to io_queue_iowq(). Make io_queue_iowq() fail requests in this case. Note that it also checks PF_KTHREAD, because the user can first close a DEFER_TASKRUN ring and shortly after kill the task, in which case ->iowq check would race. The Linux kernel CVE team has assigned CVE-2024-56709 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit 773af69121ecc6c53d192661af8d53bb3db028ae and fixed in 6.1.122 with commit 534d59ab38010aada88390db65985e65d0de7d9e Issue introduced in 5.14 with commit 773af69121ecc6c53d192661af8d53bb3db028ae and fixed in 6.6.68 with commit 2ca94c8de36091067b9ce7527ae8db3812d38781 Issue introduced in 5.14 with commit 773af69121ecc6c53d192661af8d53bb3db028ae and fixed in 6.12.7 with commit 4f95a2186b7f2af09331e1e8069bcaf34fe019cf Issue introduced in 5.14 with commit 773af69121ecc6c53d192661af8d53bb3db028ae and fixed in 6.13-rc4 with commit dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56709 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: io_uring/io_uring.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/534d59ab38010aada88390db65985e65d0de7d9e https://git.kernel.org/stable/c/2ca94c8de36091067b9ce7527ae8db3812d38781 https://git.kernel.org/stable/c/4f95a2186b7f2af09331e1e8069bcaf34fe019cf https://git.kernel.org/stable/c/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156
Powered by blists - more mailing lists