CVE-2024-53128
Vulnerability from cvelistv5
Published
2024-12-04 14:20
Modified
2024-12-04 14:20
Severity ?
EPSS score ?
Summary
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/linux/sched/task_stack.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "fbfe23012cec", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "fd7b4f9f46d4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/linux/sched/task_stack.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.10", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/task_stack: fix object_is_on_stack() for KASAN tagged pointers\n\nWhen CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the\nobject_is_on_stack() function may produce incorrect results due to the\npresence of tags in the obj pointer, while the stack pointer does not have\ntags. This discrepancy can lead to incorrect stack object detection and\nsubsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.\n\nExample of the warning:\n\nODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364\nModules linked in:\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4\nHardware name: linux,dummy-virt (DT)\npstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __debug_object_init+0x330/0x364\nlr : __debug_object_init+0x330/0x364\nsp : ffff800082ea7b40\nx29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534\nx26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0\nx23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418\nx20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000\nx17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e\nx14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e\nx11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800\nx8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4\nx2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050\nCall trace:\n __debug_object_init+0x330/0x364\n debug_object_init_on_stack+0x30/0x3c\n schedule_hrtimeout_range_clock+0xac/0x26c\n schedule_hrtimeout+0x1c/0x30\n wait_task_inactive+0x1d4/0x25c\n kthread_bind_mask+0x28/0x98\n init_rescuer+0x1e8/0x280\n workqueue_init+0x1a0/0x3cc\n kernel_init_freeable+0x118/0x200\n kernel_init+0x28/0x1f0\n ret_from_fork+0x10/0x20\n---[ end trace 0000000000000000 ]---\nODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.\n------------[ cut here ]------------" } ], "providerMetadata": { "dateUpdated": "2024-12-04T14:20:34.985Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/fbfe23012cec509dfbe09852019c4e4bb84999d0" }, { "url": "https://git.kernel.org/stable/c/fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58" } ], "title": "sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers", "x_generator": { "engine": "bippy-8e903de6a542" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-53128", "datePublished": "2024-12-04T14:20:34.985Z", "dateReserved": "2024-11-19T17:17:24.995Z", "dateUpdated": "2024-12-04T14:20:34.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-53128\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-04T15:15:12.737\",\"lastModified\":\"2024-12-04T15:15:12.737\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsched/task_stack: fix object_is_on_stack() for KASAN tagged pointers\\n\\nWhen CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the\\nobject_is_on_stack() function may produce incorrect results due to the\\npresence of tags in the obj pointer, while the stack pointer does not have\\ntags. This discrepancy can lead to incorrect stack object detection and\\nsubsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.\\n\\nExample of the warning:\\n\\nODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.\\n------------[ cut here ]------------\\nWARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364\\nModules linked in:\\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4\\nHardware name: linux,dummy-virt (DT)\\npstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : __debug_object_init+0x330/0x364\\nlr : __debug_object_init+0x330/0x364\\nsp : ffff800082ea7b40\\nx29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534\\nx26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0\\nx23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418\\nx20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000\\nx17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e\\nx14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e\\nx11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800\\nx8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001\\nx5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4\\nx2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050\\nCall trace:\\n __debug_object_init+0x330/0x364\\n debug_object_init_on_stack+0x30/0x3c\\n schedule_hrtimeout_range_clock+0xac/0x26c\\n schedule_hrtimeout+0x1c/0x30\\n wait_task_inactive+0x1d4/0x25c\\n kthread_bind_mask+0x28/0x98\\n init_rescuer+0x1e8/0x280\\n workqueue_init+0x1a0/0x3cc\\n kernel_init_freeable+0x118/0x200\\n kernel_init+0x28/0x1f0\\n ret_from_fork+0x10/0x20\\n---[ end trace 0000000000000000 ]---\\nODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.\\n------------[ cut here ]------------\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/task_stack: correcci\u00f3n de object_is_on_stack() para punteros etiquetados de KASAN Cuando CONFIG_KASAN_SW_TAGS y CONFIG_KASAN_STACK est\u00e1n habilitados, la funci\u00f3n object_is_on_stack() puede producir resultados incorrectos debido a la presencia de etiquetas en el puntero obj, mientras que el puntero de pila no tiene etiquetas. Esta discrepancia puede provocar una detecci\u00f3n incorrecta de objetos de pila y, posteriormente, activar advertencias si CONFIG_DEBUG_OBJECTS tambi\u00e9n est\u00e1 habilitado. Ejemplo de la advertencia: ODEBUG: el objeto 3eff800082ea7bb0 NO est\u00e1 en la pila ffff800082ea0000, pero est\u00e1 anotado. ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 0 PID: 1 en lib/debugobjects.c:557 __debug_object_init+0x330/0x364 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 No contaminado 6.12.0-rc5 #4 Nombre del hardware: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 00000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9: 34d77febe173e800 x8: 34d77febe173e800 x7: 0000000000000001 x6: 00000000000000001 x5: feff800082ea74b8 x4: ffff800082870a90 x3: ffff80008018d3c4 x2: 0000000000000001 x1: ffff800082858810 x0: 0000000000000050 Seguimiento de llamadas: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 ---[ fin del seguimiento 000000000000000 ]--- ODEBUG: el objeto 3eff800082ea7bb0 NO est\u00e1 en la pila ffff800082ea0000, pero est\u00e1 anotado. ------------[ cortar aqu\u00ed ]------------\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/fbfe23012cec509dfbe09852019c4e4bb84999d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.