Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-50155

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/11/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netdevsim: use cond_resched() in nsim_dev_trap_report_work()<br /> <br /> I am still seeing many syzbot reports hinting that syzbot<br /> might fool nsim_dev_trap_report_work() with hundreds of ports [1]<br /> <br /> Lets use cond_resched(), and system_unbound_wq<br /> instead of implicit system_wq.<br /> <br /> [1]<br /> INFO: task syz-executor:20633 blocked for more than 143 seconds.<br /> Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0<br /> "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006<br /> ...<br /> NMI backtrace for cpu 1<br /> CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024<br /> Workqueue: events nsim_dev_trap_report_work<br /> RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210<br /> Code: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0<br /> RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246<br /> RAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00<br /> RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000<br /> RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577<br /> R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000<br /> R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00<br /> FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0<br /> DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> <br /> <br /> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382<br /> spin_unlock_bh include/linux/spinlock.h:396 [inline]<br /> nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]<br /> nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850<br /> process_one_work kernel/workqueue.c:3229 [inline]<br /> process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310<br /> worker_thread+0x870/0xd30 kernel/workqueue.c:3391<br /> kthread+0x2f0/0x390 kernel/kthread.c:389<br /> ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147<br /> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244<br />

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.78 (including) 6.1.115 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.17 (including) 6.6.59 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.11.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.7.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools