[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6fa1eb4368cbaa2d0b243539f1d91692da95e117.camel@oracle.com>
Date: Thu, 18 Apr 2024 11:59:41 +0000
From: Siddh Raman Pant <siddh.raman.pant@...cle.com>
To: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC: "cve@...nel.org" <cve@...nel.org>,
"linux-cve-announce@...r.kernel.org"
<linux-cve-announce@...r.kernel.org>,
"linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: Re: CVE-2024-26920: tracing/trigger: Fix to return error if failed to
alloc snapshot
Hi Greg,
> In the Linux kernel, the following vulnerability has been resolved:
>
> tracing/trigger: Fix to return error if failed to alloc snapshot
>
> Fix register_snapshot_trigger() to return error code if it failed to
> allocate a snapshot instead of 0 (success). Unless that, it will register
> snapshot trigger without an error.
This commit is problematic on 4.19.y, 5.4.y, 5.10.y, and 5.15.y,
and should be reversed, and this CVE should be rejected for those
versions.
The return value should be 0 on failure, because in the functions
event_trigger_callback() and event_enable_trigger_func(), we have:
ret = cmd_ops->reg(glob, trigger_ops, trigger_data, file);
/*
* The above returns on success the # of functions enabled,
* but if it didn't find any functions it returns zero.
* Consider no functions a failure too.
*/
if (!ret) {
ret = -ENOENT;
Thus, the commit breaks this assumption.
This commit needs b8cc44a4d3c1 ("tracing: Remove logic for registering
multiple event triggers at a time") as a prerequisite, as it removes
the above.
Thanks,
Siddh
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists