CVE-2024-39277

Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 21/06/2024
Last modified: 30/05/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()
resulting in the following sanitizer report:

UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28
index -1 is out of range for type 'cpumask [64][1]'
CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
dump_stack_lvl (lib/dump_stack.c:117)
ubsan_epilogue (lib/ubsan.c:232)
__ubsan_handle_out_of_bounds (lib/ubsan.c:429)
cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]
do_map_benchmark (kernel/dma/map_benchmark.c:104)
map_benchmark_ioctl (kernel/dma/map_benchmark.c:246)
full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
__x64_sys_ioctl (fs/ioctl.c:890)
do_syscall_64 (arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Use cpumask_of_node() in place when binding a kernel thread to a cpuset
of a particular node.

Note that the provided node id is checked inside map_benchmark_ioctl().
It's just a NUMA_NO_NODE case which is not handled properly later.

Found by Linux Verification Center (linuxtesting.org).
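
The pattern behind the sanitizer report above, as an added example that is not part of this record or of the kernel patch: a userspace C model comparing a mask lookup done before the NUMA_NO_NODE guard with one done in place inside it. The names cpumask_model, mask_of_node, bind_threads_hoisted, bind_threads_in_place and oob_lookups are hypothetical, and the "hoisted" shape of the pre-fix code is an assumption inferred from the description.

```c
#include <stddef.h>
#include <stdio.h>
#define NUMA_NO_NODE (-1)  /* value the kernel uses for "no node requested" */
#define MAX_NODES    64    /* matches 'cpumask [64][1]' in the report */

typedef struct { unsigned long bits[1]; } cpumask_model;  /* hypothetical stand-in */
static cpumask_model node_masks[MAX_NODES];
static int oob_lookups;  /* lookups a sanitizer would have flagged */

/* Model of the per-node mask lookup. The real one is a bare array index;
 * here an out-of-range index is counted instead of being dereferenced. */
static const cpumask_model *mask_of_node(int node)
{
    if (node < 0 || node >= MAX_NODES) {
        oob_lookups++;
        return NULL;
    }
    return &node_masks[node];
}

/* Assumed pre-fix shape: the lookup runs first, the guard only protects the use. */
static int bind_threads_hoisted(int node, int threads)
{
    const cpumask_model *mask = mask_of_node(node);  /* index -1 for NUMA_NO_NODE */
    int bound = 0;
    for (int i = 0; i < threads; i++)
        if (node != NUMA_NO_NODE && mask)
            bound++;  /* stands in for binding thread i to the mask */
    return bound;
}

/* Lookup "in place": only evaluated once the guard has passed. */
static int bind_threads_in_place(int node, int threads)
{
    int bound = 0;
    for (int i = 0; i < threads; i++)
        if (node != NUMA_NO_NODE && mask_of_node(node))
            bound++;
    return bound;
}

int main(void)
{
    bind_threads_hoisted(NUMA_NO_NODE, 4);
    printf("hoisted:  %d flagged lookup(s)\n", oob_lookups);
    oob_lookups = 0;
    bind_threads_in_place(NUMA_NO_NODE, 4);
    printf("in place: %d flagged lookup(s)\n", oob_lookups);
    return 0;
}
```

Both variants bind nothing when no node is requested; only the hoisted one touches the array with index -1, which is the read the sanitizer reported.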

Vulnerable products and versions

CPE                                                 From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.11 (including)   5.15.161 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.16 (including)   6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.2 (including)    6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7 (including)    6.9.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*