CVE-2024-50132

tracing/probes: Fix MAX_TRACE_ARGS limit handling

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tracing/probes: Fix MAX_TRACE_ARGS limit handling

When creating a trace_probe we would set nr_args prior to truncating the
arguments to MAX_TRACE_ARGS. However, we would only initialize arguments
up to the limit.

This caused invalid memory access when attempting to set up probes with
more than 128 fetchargs.

BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
RIP: 0010:__set_print_fmt+0x134/0x330

Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return
an error when there are too many arguments instead of silently
truncating.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo/sondas: Se corrige el manejo del límite MAX_TRACE_ARGS Al crear un trace_probe, estableceríamos nr_args antes de truncar los argumentos a MAX_TRACE_ARGS. Sin embargo, solo inicializaríamos los argumentos hasta el límite. Esto causaba un acceso no válido a la memoria al intentar configurar sondas con más de 128 fetchargs. ERROR: desreferencia de puntero NULL del kernel, dirección: 0000000000000020 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - página no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 1769 Comm: cat No contaminado 6.11.0-rc7+ #8 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:__set_print_fmt+0x134/0x330 Resuelva el problema aplicando el límite MAX_TRACE_ARGS anteriormente. Devuelva un error cuando haya demasiados argumentos en lugar de truncarlos silenciosamente.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-05 CVE Published
2024-11-05 CVE Updated
2024-11-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/035ba76014c096316fa809a46ce0a1b9af1cde0d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/08ccd1a57c4d3882e9a877eb2dcc66e50a3b0279	2024-11-01
https://git.kernel.org/stable/c/73f35080477e893aa6f4c8d388352b871b288fbc	2024-10-23
https://git.kernel.org/stable/c/6bc24db74fe4788cc7c2f30a113fc6aafba225a3	2024-11-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.12-rc5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.12-rc5"		en		Affected