| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025010655-CVE-2024-56763-17fd@gregkh> Date: Mon, 6 Jan 2025 17:20:57 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write Description =========== In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. The Linux kernel CVE team has assigned CVE-2024-56763 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.29 with commit 9e01c1b74c9531e301c900edaa92a99fcb7738f2 and fixed in 6.1.123 with commit 3d15f4c2449558ffe83b4dba30614ef1cd6937c3 Issue introduced in 2.6.29 with commit 9e01c1b74c9531e301c900edaa92a99fcb7738f2 and fixed in 6.6.69 with commit 03041e474a6a8f1bfd4b96b164bb3165c48fa1a3 Issue introduced in 2.6.29 with commit 9e01c1b74c9531e301c900edaa92a99fcb7738f2 and fixed in 6.12.8 with commit 1cca920af19df5dd91254e5ff35e68e911683706 Issue introduced in 2.6.29 with commit 9e01c1b74c9531e301c900edaa92a99fcb7738f2 and fixed in 6.13-rc5 with commit 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56763 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/trace.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3d15f4c2449558ffe83b4dba30614ef1cd6937c3 https://git.kernel.org/stable/c/03041e474a6a8f1bfd4b96b164bb3165c48fa1a3 https://git.kernel.org/stable/c/1cca920af19df5dd91254e5ff35e68e911683706 https://git.kernel.org/stable/c/98feccbf32cfdde8c722bc4587aaa60ee5ac33f0
Powered by blists - more mailing lists