Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26796

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
04/04/2024
Last modified:
27/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drivers: perf: ctr_get_width function for legacy is not defined<br /> <br /> With parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n<br /> linux kernel crashes when you try perf record:<br /> <br /> $ perf record ls<br /> [ 46.749286] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000<br /> [ 46.750199] Oops [#1]<br /> [ 46.750342] Modules linked in:<br /> [ 46.750608] CPU: 0 PID: 107 Comm: perf-exec Not tainted 6.6.0 #2<br /> [ 46.750906] Hardware name: riscv-virtio,qemu (DT)<br /> [ 46.751184] epc : 0x0<br /> [ 46.751430] ra : arch_perf_update_userpage+0x54/0x13e<br /> [ 46.751680] epc : 0000000000000000 ra : ffffffff8072ee52 sp : ff2000000022b8f0<br /> [ 46.751958] gp : ffffffff81505988 tp : ff6000000290d400 t0 : ff2000000022b9c0<br /> [ 46.752229] t1 : 0000000000000001 t2 : 0000000000000003 s0 : ff2000000022b930<br /> [ 46.752451] s1 : ff600000028fb000 a0 : 0000000000000000 a1 : ff600000028fb000<br /> [ 46.752673] a2 : 0000000ae2751268 a3 : 00000000004fb708 a4 : 0000000000000004<br /> [ 46.752895] a5 : 0000000000000000 a6 : 000000000017ffe3 a7 : 00000000000000d2<br /> [ 46.753117] s2 : ff600000028fb000 s3 : 0000000ae2751268 s4 : 0000000000000000<br /> [ 46.753338] s5 : ffffffff8153e290 s6 : ff600000863b9000 s7 : ff60000002961078<br /> [ 46.753562] s8 : ff60000002961048 s9 : ff60000002961058 s10: 0000000000000001<br /> [ 46.753783] s11: 0000000000000018 t3 : ffffffffffffffff t4 : ffffffffffffffff<br /> [ 46.754005] t5 : ff6000000292270c t6 : ff2000000022bb30<br /> [ 46.754179] status: 0000000200000100 badaddr: 0000000000000000 cause: 000000000000000c<br /> [ 46.754653] Code: Unable to access instruction at 0xffffffffffffffec.<br /> [ 46.754939] ---[ end trace 0000000000000000 ]---<br /> [ 46.755131] note: perf-exec[107] exited with irqs disabled<br /> [ 46.755546] note: perf-exec[107] exited with preempt_count 4<br /> <br /> This happens because in the legacy case the ctr_get_width function was not<br /> defined, but it is used in arch_perf_update_userpage.<br /> <br /> Also remove extra check in riscv_pmu_ctr_get_width_mask

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6 (including) 6.6.21 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools