CVE-2024-50132
Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 05/11/2024
Last modified: 07/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

tracing/probes: Fix MAX_TRACE_ARGS limit handling

When creating a trace_probe we would set nr_args prior to truncating the
arguments to MAX_TRACE_ARGS. However, we would only initialize arguments
up to the limit.

This caused invalid memory access when attempting to set up probes with
more than 128 fetchargs.

BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
RIP: 0010:__set_print_fmt+0x134/0x330

Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return
an error when there are too many arguments instead of silently
truncating.
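
Added example, not code from the kernel or from this advisory: a simplified user-space C model of the count/initialization mismatch described above, with the "before" pattern next to the "apply the limit first" pattern. The struct layout, the function names and the -E2BIG return value are assumptions made for illustration; only MAX_TRACE_ARGS, nr_args and the 128 limit come from the description.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_TRACE_ARGS 128                  /* limit named in the advisory */

struct probe_arg { const char *name; };     /* simplified model, not kernel types */
struct probe { size_t nr_args; struct probe_arg args[]; };

/* "Before" pattern: nr_args keeps the full count, but only the first 128
 * slots are filled; the rest stay zeroed (name == NULL). */
static int probe_create_before(size_t argc, const char **argv, struct probe **out)
{
    struct probe *p = calloc(1, sizeof(*p) + argc * sizeof(p->args[0]));
    if (!p)
        return -ENOMEM;
    p->nr_args = argc;
    if (argc > MAX_TRACE_ARGS)
        argc = MAX_TRACE_ARGS;              /* silent truncation */
    for (size_t i = 0; i < argc; i++)
        p->args[i].name = argv[i];
    *out = p;
    return 0;
}

/* "After" pattern: apply the limit first and fail instead of truncating. */
static int probe_create_after(size_t argc, const char **argv, struct probe **out)
{
    if (argc > MAX_TRACE_ARGS)
        return -E2BIG;                      /* error code is an assumption */
    return probe_create_before(argc, argv, out);
}

/* Slots a consumer looping up to nr_args would find uninitialized. */
static size_t uninitialized_slots(const struct probe *p)
{
    size_t n = 0;
    for (size_t i = 0; i < p->nr_args; i++)
        n += (p->args[i].name == NULL);
    return n;
}

int main(void)
{
    const char *argv[MAX_TRACE_ARGS + 2];   /* constructed input: 130 arguments */
    struct probe *p = NULL;
    for (size_t i = 0; i < MAX_TRACE_ARGS + 2; i++)
        argv[i] = "arg";
    if (probe_create_before(MAX_TRACE_ARGS + 2, argv, &p) == 0)
        printf("before: nr_args=%zu uninit=%zu\n", p->nr_args, uninitialized_slots(p));
    free(p);
    printf("after: rc=%d\n", probe_create_after(MAX_TRACE_ARGS + 2, argv, &p));
    return 0;
}
```

Any later code that trusts nr_args as the number of valid entries will read the zeroed slots, which is the inconsistency behind the NULL dereference reported in __set_print_fmt.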
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9 (including) | 6.11.6 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | | |