CVE-2024-38667

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
24/06/2024
Last modified:
30/05/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: prevent pt_regs corruption for secondary idle threads

The top of the kernel thread stack should be reserved for pt_regs. However, this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with their pt_regs, so both may get corrupted.

A similar issue has been fixed for the primary hart, see c7cdd96eca28 ("riscv: prevent stack corruption by reserving task_pt_regs(p) early"). However, that fix was not propagated to the secondary harts. The problem has been noticed in some CPU hotplug tests with V enabled. The function smp_callin stored several registers on the stack, corrupting the top of the pt_regs structure including the status field. As a result, the kernel attempted to save or restore a nonexistent V context.
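The layout problem described above, as an added illustration that is not the kernel's own code: a constructed model of a thread stack with a pt_regs area reserved at its top, one helper that starts the idle thread with its stack pointer at the very top of the page (so register spills land on pt_regs) and one that starts it just below the reserved pt_regs. The names task_pt_regs and smp_callin come from the description; struct sizes, field layout, sentinel values and every other function name are assumptions made for this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model: sizes and fields are illustrative, not the kernel's
 * real THREAD_SIZE or struct pt_regs. */
#define THREAD_SIZE 4096
#define STATUS_SENTINEL 0x8000000200006000ULL  /* constructed marker value */

struct pt_regs {
    uint64_t epc;
    uint64_t gpr[31];   /* ra .. t6 */
    uint64_t status;    /* the field the advisory reports as corrupted */
};

struct task {
    uint64_t stack[THREAD_SIZE / sizeof(uint64_t)];  /* 8-byte aligned stack page */
};

/* Mirrors the role of task_pt_regs(): pt_regs occupies the top of the stack page. */
static struct pt_regs *task_pt_regs(struct task *t)
{
    return (struct pt_regs *)((uint8_t *)t->stack + THREAD_SIZE - sizeof(struct pt_regs));
}

/* Vulnerable choice: initial SP at the very top of the stack page, on top of pt_regs. */
static uint8_t *idle_sp_overlapping(struct task *t)
{
    return (uint8_t *)t->stack + THREAD_SIZE;
}

/* Fixed choice: initial SP just below the reserved pt_regs, as the primary-hart fix does. */
static uint8_t *idle_sp_reserved(struct task *t)
{
    return (uint8_t *)task_pt_regs(t);
}

/* Model of smp_callin() spilling a few registers on the idle thread's stack. */
static uint8_t *spill_registers(uint8_t *sp, size_t nregs)
{
    sp -= nregs * sizeof(uint64_t);
    memset(sp, 0xAA, nregs * sizeof(uint64_t));  /* arbitrary register contents */
    return sp;
}

/* Number of pt_regs bytes that lie below the chosen initial SP (0 means no overlap). */
static size_t pt_regs_overlap_bytes(uint8_t *(*pick_sp)(struct task *))
{
    struct task t;
    uint8_t *sp = pick_sp(&t);
    uint8_t *regs = (uint8_t *)task_pt_regs(&t);
    return sp > regs ? (size_t)(sp - regs) : 0;
}

/* Returns 1 if pt_regs.status survives a register spill from the chosen SP, 0 if clobbered. */
static int status_survives(uint8_t *(*pick_sp)(struct task *))
{
    struct task t;
    memset(&t, 0, sizeof t);
    struct pt_regs *regs = task_pt_regs(&t);
    regs->status = STATUS_SENTINEL;
    spill_registers(pick_sp(&t), 4);
    return regs->status == STATUS_SENTINEL;
}

int main(void)
{
    printf("overlap (top-of-page SP): %zu bytes, status intact: %d\n",
           pt_regs_overlap_bytes(idle_sp_overlapping), status_survives(idle_sp_overlapping));
    printf("overlap (reserved SP):    %zu bytes, status intact: %d\n",
           pt_regs_overlap_bytes(idle_sp_reserved), status_survives(idle_sp_reserved));
    return 0;
}
```

The check to carry over into review of any port of this code is the one `pt_regs_overlap_bytes` expresses: the initial stack pointer handed to a freshly started hart must not be above task_pt_regs() of its idle task, otherwise the first function that spills callee-saved registers silently rewrites the saved status word.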

Vulnerable products and versions

CPE                                              From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.7 (including)   6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.2 (including)   6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.7 (including)   6.9.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*