Informazioni sul CVE-2024-41065
powerpc/pseries: Whitelist dtl slub object for copying to userspace
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-41065
Descrizione: In the Linux kernel, a vulnerability has been resolved for `powerpc/pseries: Whitelist dtl slub object for copying to userspace`. Reading the dispatch trace log from `/sys/kernel/debug/powerpc/dtl/cpu-*` reveals a BUG when `CONFIG_HARDENED_USERCOPY` is enabled. The kernel logs an exception at `mm/usercopy.c:102!` when the configuration is active. Specifically, the LE PAGE_SIZE is set to 64K, MMU is Radix SMP NR_CPUS=2048, NUMA pSeries, and modules linked include: xfs, libcrc32c, dm_service_time, sd_mod, t10_pi, sg, ibmvfc, scsi_transport_fc, ibmveth, pseries_wdt, dm_multipath, dm_mirror, dm_region_hash, dm_log, dm_mod, fuse. The CPU is 27 PID: 1815 Comm: python3, OS: linux, version: 6.10.0-rc3 #85, hardware: IBM, 9040-MRX POWER10 (raw) of:IBM, FW1060.00, hv:phyp, TRAP: 0700, not tainted, not_tainted (6.10.0-rc3), MSR: 8000000000029033, XER: 0000000e, CFAR: c0000000001fdc80, IRQMASK: 0, and more. The NIP is c0000000005d23d4, LR is c0000000005d23d0, CTR is 00000000006ee6f8, and the REGS are: – usercopy_abort+0x78/0xb0 – usercopy_abort+0x74/0xb0 – trigger: usercopy_abort+0x74/0xb0 The system call exception is traced to: – usercopy_abort+0x74/0xb0 – check_heap_object+0x218/0x240 – __check_object_size+0x84/0x1a4 – dtl_file_read+0x17c/0x2c4 – full_proxy_read+0x8c/0x110 – vfs_read+0xdc/0x3a0 – ksys_read+0x84/0x144 – system_call_exception+0x124/0x330 – system_call_vectored_common+0x15c/0x2ec The interrupt is 3000 at 0x7fff81f3ab34.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6
- https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd
- https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f
- https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2
- https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a
- https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4
- https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586
Prodotti interessati
- Linux – Linux
- Linux – Linux
Relazioni con altri prodotti
Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0