Informazioni sul CVE-2024-41000
block/ioctl: prefer different overflow check
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-41000
Descrizione: “The Linux kernel has resolved a vulnerability related to block/ioctl: prefer different overflow check. Running `slykaller` with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ————[ cut here ]———— [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46 [ 62.989370] 9pnet_fd: p9_check reports an error. [ 63.001584] —[ end trace ]— Historically, the signed integer overflow sanitizer didn’t work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab (“ubsan: Reintroduce signed overflow sanitizer”). Let’s rework this overflow checking logic to avoid actually performing an overflow during the check itself, thus avoiding the UBSAN splat.”
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24
- https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66
- https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9
- https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e
- https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e
- https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9
Prodotti interessati
- Linux – Linux
- Linux – Linux