lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025030609-CVE-2024-58078-3d63@gregkh> Date: Thu, 6 Mar 2025 17:14:11 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-58078: misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors Description =========== In the Linux kernel, the following vulnerability has been resolved: misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors misc_minor_alloc was allocating id using ida for minor only in case of MISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids using ida_free causing a mismatch and following warn: > > WARNING: CPU: 0 PID: 159 at lib/idr.c:525 ida_free+0x3e0/0x41f > > ida_free called for id=127 which is not allocated. > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ... > > [<60941eb4>] ida_free+0x3e0/0x41f > > [<605ac993>] misc_minor_free+0x3e/0xbc > > [<605acb82>] misc_deregister+0x171/0x1b3 misc_minor_alloc is changed to allocate id from ida for all minors falling in the range of dynamic/ misc dynamic minors The Linux kernel CVE team has assigned CVE-2024-58078 to this issue. Affected and fixed versions =========================== Issue introduced in 6.2 with commit ab760791c0cfbb1d7a668f46a135264f56c8f018 and fixed in 6.6.78 with commit 3df72111c39f7e4c5029c9ff720b56ec2e05b764 Issue introduced in 6.2 with commit ab760791c0cfbb1d7a668f46a135264f56c8f018 and fixed in 6.12.14 with commit 8b4120b3e060e137eaa8dc76a1c40401088336e5 Issue introduced in 6.2 with commit ab760791c0cfbb1d7a668f46a135264f56c8f018 and fixed in 6.13.3 with commit 6635332d246d7db89b90e145f2bf937406cecaf0 Issue introduced in 6.2 with commit ab760791c0cfbb1d7a668f46a135264f56c8f018 and fixed in 6.14-rc1 with commit 6d04d2b554b14ae6c428a9c60b6c85f1e5c89f68 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-58078 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/char/misc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3df72111c39f7e4c5029c9ff720b56ec2e05b764 https://git.kernel.org/stable/c/8b4120b3e060e137eaa8dc76a1c40401088336e5 https://git.kernel.org/stable/c/6635332d246d7db89b90e145f2bf937406cecaf0 https://git.kernel.org/stable/c/6d04d2b554b14ae6c428a9c60b6c85f1e5c89f68
Powered by blists - more mailing lists