[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2024080634-electable-foyer-ad3c@gregkh>
Date: Tue, 6 Aug 2024 10:55:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Shung-Hsi Yu <shung-hsi.yu@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model()
On Tue, Aug 06, 2024 at 04:48:56PM +0800, Shung-Hsi Yu wrote:
> On Mon, Jul 29, 2024 at 05:53:11PM GMT, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > xdp: Remove WARN() from __xdp_reg_mem_model()
> >
> > syzkaller reports a warning in __xdp_reg_mem_model().
> >
> > The warning occurs only if __mem_id_init_hash_table() returns an error. It
> > returns the error in two cases:
> >
> > 1. memory allocation fails;
> > 2. rhashtable_init() fails when some fields of rhashtable_params
> > struct are not initialized properly.
> >
> > The second case cannot happen since there is a static const rhashtable_params
> > struct with valid fields. So, warning is only triggered when there is a
> > problem with memory allocation.
> >
> > Thus, there is no sense in using WARN() to handle this error and it can be
> > safely removed.
> [...]
>
> The mention fix (below) simply removed a WARN_ON(1) call, so I believe
> there's no security implication here.
If memory allocation fails, and panic-on-warn is enabled, this will
cause the machine to reboot, hence the need for a CVE allocation.
thanks,
greg k-h
Powered by blists - more mailing lists