CVE-2024-57934
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
21/01/2025
Last modified:
03/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

fgraph: Add READ_ONCE() when accessing fgraph_array[]

In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
elements, which are fgraph_ops. The loop checks if an element is a
fgraph_stub to prevent using a fgraph_stub afterward.

However, if the compiler reloads fgraph_array[] after this check, it might
race with an update to fgraph_array[] that introduces a fgraph_stub. This
could result in the stub being processed, but the stub contains a null
"func_hash" field, leading to a NULL pointer dereference.

To ensure that the gops compared against the fgraph_stub matches the gops
processed later, add a READ_ONCE(). A similar patch appears in commit
63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").
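
The double read described above, as an added example: a userspace C model, not kernel code and not the upstream patch. The struct, array and function names are constructed for illustration, `READ_ONCE()` is redefined locally as a volatile access, and the concurrent update is simulated by a callback so the outcome is deterministic.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: every name here is constructed, not taken from the kernel. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

struct hash { int entries; };
struct ops  { struct hash *func_hash; };

static struct hash real_hash = { 3 };
static struct ops  real_ops  = { &real_hash };
static struct ops  stub_ops  = { NULL };      /* stub: NULL func_hash */
static struct ops *slots[1]  = { &real_ops };

static void reset_slot(void)   { WRITE_ONCE(slots[0], &real_ops); }
/* Stands in for a concurrent update that lands between check and use. */
static void swap_in_stub(void) { WRITE_ONCE(slots[0], &stub_ops); }

/* Before: the check and the use each load slots[0] (the compiler reload). */
static int handle_double_fetch(void (*racer)(void))
{
    if (slots[0] == &stub_ops)
        return 0;                    /* stub skipped on the first load */
    if (racer) racer();
    struct ops *gops = slots[0];     /* second load can now see the stub */
    if (!gops->func_hash)
        return -1;                   /* the kernel would dereference NULL here */
    return gops->func_hash->entries;
}

/* After: one READ_ONCE() snapshot is both compared and processed. */
static int handle_read_once(void (*racer)(void))
{
    struct ops *gops = READ_ONCE(slots[0]);
    if (gops == &stub_ops)
        return 0;
    if (racer) racer();              /* slot changes, the snapshot does not */
    return gops->func_hash->entries;
}

int main(void)
{
    printf("double fetch: %d\n", handle_double_fetch(swap_in_stub));
    reset_slot();
    printf("READ_ONCE:    %d\n", handle_read_once(swap_in_stub));
    return 0;
}
```

In the model the double-fetch path returns -1 at the point where the stub's NULL `func_hash` would be dereferenced, while the snapshot path keeps processing the element it actually checked.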
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11 (including) | 6.12.9 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:* | | |