CVE-2024-50132

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
05/11/2024
Last modified:
07/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing/probes: Fix MAX_TRACE_ARGS limit handling<br /> <br /> When creating a trace_probe we would set nr_args prior to truncating the<br /> arguments to MAX_TRACE_ARGS. However, we would only initialize arguments<br /> up to the limit.<br /> <br /> This caused invalid memory access when attempting to set up probes with<br /> more than 128 fetchargs.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000020<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: Oops: 0000 [#1] PREEMPT SMP PTI<br /> CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014<br /> RIP: 0010:__set_print_fmt+0x134/0x330<br /> <br /> Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return<br /> an error when there are too many arguments instead of silently<br /> truncating.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.9 (including) 6.11.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*