CVE-2024-56718

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 29/12/2024
Last modified: 10/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: protect link down work from execute after lgr freed

link down work may be scheduled before lgr freed but execute
after lgr freed, which may result in crash. So it is necessary to
hold a reference before scheduling link down work, and put the
reference after work executed or canceled.

The relevant crash call stack is as follows:
list_del corruption. prev->next should be ffffb638c9c0fe20,
but was 0000000000000000
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:51!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1
Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014
Workqueue: events smc_link_down_work [smc]
RIP: 0010:__list_del_entry_valid.cold+0x31/0x47
RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086
RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000
RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38
R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002
R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0
FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
rwsem_down_write_slowpath+0x17e/0x470
smc_link_down_work+0x3c/0x60 [smc]
process_one_work+0x1ac/0x350
worker_thread+0x49/0x2f0
? rescuer_thread+0x360/0x360
kthread+0x118/0x140
? __kthread_bind_mask+0x60/0x60
ret_from_fork+0x1f/0x30
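
The hold-before-schedule, put-after-run-or-cancel pattern the description calls for, as an added userspace model (not the kernel's SMC code or the actual patch). The struct and function names are hypothetical, and a plain int stands in for an atomic reference count.

```c
/* Userspace, single-threaded model; every name here is hypothetical. */
#include <stdbool.h>
#include <stdlib.h>

struct lgr { int refcnt; bool *freed; };   /* stand-in for the link group */
struct link_work { struct lgr *lgr; bool pending; int runs; };

static void lgr_hold(struct lgr *l) { l->refcnt++; }
static void lgr_put(struct lgr *l)
{
    if (--l->refcnt > 0) return;
    *l->freed = true;        /* flag lives outside the freed object */
    free(l);
}

/* Take the reference before queueing; the queued work now owns it. */
static void schedule_link_down(struct link_work *w, struct lgr *l)
{
    if (w->pending) return;  /* already queued: its reference is held */
    lgr_hold(l);
    w->lgr = l;
    w->pending = true;
}

/* Worker ran (cancelled=false) or work was cancelled (true): either way
 * the work's reference is dropped exactly once. */
static void finish_link_down(struct link_work *w, bool cancelled)
{
    if (!w->pending) return;
    w->pending = false;
    if (!cancelled) w->runs++;   /* the handler would use w->lgr here */
    lgr_put(w->lgr);
}

/* Owner drops its last reference while the work is still queued. Returns
 * true if lgr stayed alive until the work finished and was freed after. */
static bool lgr_outlives_pending_work(bool cancelled)
{
    bool freed = false;
    struct link_work w = { 0 };
    struct lgr *l = malloc(sizeof(*l));
    if (!l) return false;
    *l = (struct lgr){ .refcnt = 1, .freed = &freed };
    schedule_link_down(&w, l);
    lgr_put(l);                          /* owner releases the lgr */
    bool alive_while_pending = !freed;
    finish_link_down(&w, cancelled);
    return alive_while_pending && freed;
}
```

Without the `lgr_hold()` in `schedule_link_down()`, the owner's put would free the object while the work is still pending, which is the ordering behind the crash in the call stack above.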

Vulnerable products and versions

CPE                                              From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     5.8 (including)    6.1.122 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.2 (including)    6.6.68 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*     6.7 (including)    6.12.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*