CVE-2024-56611
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
27/12/2024
Last modified:
01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM

We currently assume that there is at least one VMA in a MM, which isn't
true.

So we might end up having find_vma() return NULL, to then de-reference
NULL. So properly handle find_vma() returning NULL.

This fixes the report:

```
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline]
RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194
Code: ...
RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000
RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044
RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1
R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003
R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8
FS:  00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709
 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline]
 __se_sys_migrate_pages mm/mempolicy.c:1723 [inline]
 __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
```

[akpm@linux-foundation.org: add unlikely()]
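The NULL check the fix calls for, as an added user-space model that is not the kernel's code: the struct and function names follow mm/mempolicy.c, but the VMA list, the byte-counting stand-in for queue_pages_range(), TASK_SIZE and the sample mms are constructed for this example.

```c
#include <stddef.h>
/* Constructed stand-ins for the kernel structures (not kernel code). */
struct vm_area_struct {
    unsigned long vm_start, vm_end;   /* mapped range [vm_start, vm_end) */
    int node;                         /* NUMA node the range currently lives on */
    struct vm_area_struct *next;      /* next VMA in ascending address order */
};
struct mm_struct { struct vm_area_struct *mmap; };  /* NULL when mm has no VMAs */
#define TASK_SIZE 0x7fffffffffffUL    /* constructed user address-space limit */

/* First VMA ending above addr, or NULL when there is none: the NULL the
 * unfixed migrate_to_node() never checked for. */
static struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
{
    for (struct vm_area_struct *v = mm->mmap; v; v = v->next)
        if (addr < v->vm_end)
            return v;
    return NULL;
}

/* Model of queue_pages_range(): bytes of VMAs inside [start, end) on node `source`. */
static long queue_pages_range(struct mm_struct *mm, unsigned long start,
                              unsigned long end, int source)
{
    long bytes = 0;
    for (struct vm_area_struct *v = mm->mmap; v; v = v->next)
        if (v->node == source && v->vm_start >= start && v->vm_end <= end)
            bytes += v->vm_end - v->vm_start;
    return bytes;
}

/* Unfixed shape: reads vma->vm_start with no NULL check, so an mm with zero
 * VMAs dereferences NULL (the KASAN null-ptr-deref in the report above). */
static long migrate_to_node_unfixed(struct mm_struct *mm, int source)
{
    struct vm_area_struct *vma = find_vma(mm, 0);
    return queue_pages_range(mm, vma->vm_start, TASK_SIZE, source);
}

/* Fixed shape: no VMA means nothing to migrate, so return 0 instead. */
static long migrate_to_node_fixed(struct mm_struct *mm, int source)
{
    struct vm_area_struct *vma = find_vma(mm, 0);
    if (!vma)
        return 0;
    return queue_pages_range(mm, vma->vm_start, TASK_SIZE, source);
}
/* Constructed sample mms: one empty, one with a node-0 and a node-1 VMA. */
static struct vm_area_struct vma_b = { 0x5000, 0x6000, 1, NULL };
static struct vm_area_struct vma_a = { 0x1000, 0x3000, 0, &vma_b };
static struct mm_struct empty_mm = { NULL }, sample_mm = { &vma_a };
```

Only the fixed variant is safe to call on empty_mm; the unfixed one reproduces the crash shape there, so it is exercised only on sample_mm.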
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.16 (including) | 6.6.66 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | | |