CVE-2024-26710

powerpc/kasan: Limit KASAN thread size increase to 32KB

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported
to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in
commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
KASAN"). However with a 32KB stack size to begin with, the doubling leads to a
64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems
sufficient even for KASAN builds - the additional usage seems to be in
the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/kasan: limitar el aumento del tamaño del subproceso KASAN a 32 KB. Se considera que KASAN aumenta el uso de la pila, hasta el punto de que se informó que provoca un desbordamiento de la pila en algunas máquinas de 32 bits ( ver enlace). Para evitar desbordamientos, el tamaño de la pila se duplicó para las compilaciones de KASAN en el commit 3e8635fb2e07 ("powerpc/kasan: Forzar el aumento del tamaño del subproceso con KASAN"). Sin embargo, con un tamaño de pila de 32 KB para empezar, la duplicación conduce a una pila de 64 KB, lo que provoca errores de compilación: arch/powerpc/kernel/switch.S:249: Error: operando fuera de rango (0x000000000000fe50 no está entre 0xffffffffffff8000 y 0x00000000000007fff) Aunque el conjunto podría modificarse, en la práctica una pila de 32 KB parece suficiente incluso para compilaciones KASAN; el uso adicional parece estar en el rango de 2 a 3 KB para una compilación KASAN de 64 bits. Por lo tanto, solo aumente la pila para KASAN si el tamaño de la pila es <32 KB.

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff) Although the asm could be reworked, in practice a 32KB stack seems sufficient even for KASAN builds - the additional usage seems to be in the 2-3KB range for a 64-bit KASAN build. So only increase the stack for KASAN if the stack size is < 32KB.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/9ccf64e763aca088b0d25c1274af42b1a6a45135	Vuln. Introduced
https://git.kernel.org/stable/c/b38014874530d3776de75679315e8c1fe04aa89b	Vuln. Introduced
https://git.kernel.org/stable/c/58f396513cb1fa4ef91838c78698d458100cc27c	Vuln. Introduced
https://git.kernel.org/stable/c/f9a4c401bf4c5af3437ad221c0a5880a518068d4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9	2024-02-23
https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb	2024-02-23
https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe	2024-02-23
https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736	2024-02-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.75 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.75 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.14 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.14 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7.2 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7.2 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.1.76 Search vendor "Linux" for product "Linux Kernel" and version "6.1.76"		en		Affected