Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-53222

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
27/12/2024
Last modified:
24/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> zram: fix NULL pointer in comp_algorithm_show()<br /> <br /> LTP reported a NULL pointer dereference as followed:<br /> <br /> CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3<br /> Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015<br /> pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : __pi_strcmp+0x24/0x140<br /> lr : zcomp_available_show+0x60/0x100 [zram]<br /> sp : ffff800088b93b90<br /> x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0<br /> x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000<br /> x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900<br /> x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000<br /> x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000<br /> x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000<br /> x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280<br /> x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000<br /> x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c<br /> x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000<br /> Call trace:<br /> __pi_strcmp+0x24/0x140<br /> comp_algorithm_show+0x40/0x70 [zram]<br /> dev_attr_show+0x28/0x80<br /> sysfs_kf_seq_show+0x90/0x140<br /> kernfs_seq_show+0x34/0x48<br /> seq_read_iter+0x1d4/0x4e8<br /> kernfs_fop_read_iter+0x40/0x58<br /> new_sync_read+0x9c/0x168<br /> vfs_read+0x1a8/0x1f8<br /> ksys_read+0x74/0x108<br /> __arm64_sys_read+0x24/0x38<br /> invoke_syscall+0x50/0x120<br /> el0_svc_common.constprop.0+0xc8/0xf0<br /> do_el0_svc+0x24/0x38<br /> el0_svc+0x38/0x138<br /> el0t_64_sync_handler+0xc0/0xc8<br /> el0t_64_sync+0x188/0x190<br /> <br /> The zram-&gt;comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if<br /> comp_algorithm_set() has not been called. User can access the zram device<br /> by sysfs after device_add_disk(), so there is a time window to trigger the<br /> NULL pointer dereference. Move it ahead device_add_disk() to make sure<br /> when user can access the zram device, it is ready. comp_algorithm_set()<br /> is protected by zram-&gt;init_lock in other places and no such problem.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.12.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools