CVE-2024-36019

regmap: maple: Fix cache corruption in regcache_maple_drop()

Severity Score

5.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: Fix cache corruption in regcache_maple_drop()

When keeping the upper end of a cache block entry, the entry[] array
must be indexed by the offset from the base register of the block,
i.e. max - mas.index.

The code was indexing entry[] by only the register address, leading
to an out-of-bounds access that copied some part of the kernel
memory over the cache contents.

This bug was not detected by the regmap KUnit test because it only
tests with a block of registers starting at 0, so mas.index == 0.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: maple: corrige la corrupción de la caché en regcache_maple_drop() Cuando se mantiene el extremo superior de una entrada de bloque de caché, la matriz de entrada[] debe indexarse según el desplazamiento del registro base de el bloque, es decir, max - mas.index. El código indexaba la entrada [] solo por la dirección de registro, lo que generaba un acceso fuera de los límites que copiaba parte de la memoria del kernel sobre el contenido de la caché. Este error no fue detectado por la prueba regmap KUnit porque solo prueba con un bloque de registros que comienza en 0, por lo que mas.index == 0.

A vulnerability was found in the Linux kernel’s `regmap` subsystem. Due to improper indexing in the `regcache_maple_drop()` function, an out-of-bounds access could corrupt the cache by overwriting parts of it with kernel memory.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-30 CVE Published
2024-05-31 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/f033c26de5a5734625d2dd1dc196745fae186f1b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e	2024-04-10
https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53	2024-04-10
https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31	2024-03-27

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-36019	2024-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=2284402	2024-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.6.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.8.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.9"		en		Affected