CVE-2024-46790 (GCVE-0-2024-46790)
Vulnerability from cvelistv5
Published
2024-09-18 07:12
Modified
2025-05-04 09:34
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PG_hwpoison pages are freed they are treated differently in free_pages_prepare() and instead of being released they are isolated. Page allocation tag counters are decremented at this point since the page is considered not in use. Later on when such pages are released by unpoison_memory(), the allocation tag counters will be decremented again and the following warning gets reported: [ 113.930443][ T3282] ------------[ cut here ]------------ [ 113.931105][ T3282] alloc_tag was not set [ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 [ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 [ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18 [ 113.943003][ T3282] Tainted: [W]=WARN [ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946706][ T3282] sp : ffff800087093a10 [ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 [ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 [ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 [ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff [ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 [ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 [ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0 [ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff [ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 [ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 [ 113.957962][ T3282] Call trace: [ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 [ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c [ 113.959539][ T3282] free_unref_page+0xf4/0x4b8 [ 113.960096][ T3282] __folio_put+0xd4/0x120 [ 113.960614][ T3282] folio_put+0x24/0x50 [ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0 [ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject] [ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc [ 113.963183][ T3282] simple_attr_write+0x38/0x48 [ 113.963750][ T3282] debugfs_attr_write+0x54/0x80 [ 113.964330][ T3282] full_proxy_write+0x68/0x98 [ 113.964880][ T3282] vfs_write+0xdc/0x4d0 [ 113.965372][ T3282] ksys_write+0x78/0x100 [ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 [ 113.966440][ T3282] invoke_syscall+0x7c/0x104 [ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 [ 113.967652][ T3282] do_el0_svc+0x2c/0x38 [ 113.968893][ T3282] el0_svc+0x3c/0x1b8 [ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc [ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 [ 113.970511][ T3282] ---[ end trace 0000000000000000 ]--- To fix this, clear the page tag reference after the page got isolated and accounted for.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/16ad36c8e66a26626e7d0224100b433483a2acefPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5e9784e997620af7c1399029282f5d6964b41942Patch
Impacted products
Vendor Product Version
Linux Linux Version: d224eb0287fbd84f4f13eca042c7f08f87138f3b
Version: d224eb0287fbd84f4f13eca042c7f08f87138f3b
 Create a notification for this product.
   Linux Linux Version: 6.10
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:24:02.611316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:24:14.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page_alloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "16ad36c8e66a26626e7d0224100b433483a2acef",
              "status": "affected",
              "version": "d224eb0287fbd84f4f13eca042c7f08f87138f3b",
              "versionType": "git"
            },
            {
              "lessThan": "5e9784e997620af7c1399029282f5d6964b41942",
              "status": "affected",
              "version": "d224eb0287fbd84f4f13eca042c7f08f87138f3b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page_alloc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncodetag: debug: mark codetags for poisoned page as empty\n\nWhen PG_hwpoison pages are freed they are treated differently in\nfree_pages_prepare() and instead of being released they are isolated.\n\nPage allocation tag counters are decremented at this point since the page\nis considered not in use.  Later on when such pages are released by\nunpoison_memory(), the allocation tag counters will be decremented again\nand the following warning gets reported:\n\n[  113.930443][ T3282] ------------[ cut here ]------------\n[  113.931105][ T3282] alloc_tag was not set\n[  113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164\n[  113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4\n[  113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G        W          6.11.0-rc4-dirty #18\n[  113.943003][ T3282] Tainted: [W]=WARN\n[  113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n[  113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164\n[  113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164\n[  113.946706][ T3282] sp : ffff800087093a10\n[  113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0\n[  113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000\n[  113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000\n[  113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff\n[  113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210\n[  113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339\n[  113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0\n[  113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff\n[  113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001\n[  113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000\n[  113.957962][ T3282] Call trace:\n[  113.958350][ T3282]  pgalloc_tag_sub.part.66+0x154/0x164\n[  113.959000][ T3282]  pgalloc_tag_sub+0x14/0x1c\n[  113.959539][ T3282]  free_unref_page+0xf4/0x4b8\n[  113.960096][ T3282]  __folio_put+0xd4/0x120\n[  113.960614][ T3282]  folio_put+0x24/0x50\n[  113.961103][ T3282]  unpoison_memory+0x4f0/0x5b0\n[  113.961678][ T3282]  hwpoison_unpoison+0x30/0x48 [hwpoison_inject]\n[  113.962436][ T3282]  simple_attr_write_xsigned.isra.34+0xec/0x1cc\n[  113.963183][ T3282]  simple_attr_write+0x38/0x48\n[  113.963750][ T3282]  debugfs_attr_write+0x54/0x80\n[  113.964330][ T3282]  full_proxy_write+0x68/0x98\n[  113.964880][ T3282]  vfs_write+0xdc/0x4d0\n[  113.965372][ T3282]  ksys_write+0x78/0x100\n[  113.965875][ T3282]  __arm64_sys_write+0x24/0x30\n[  113.966440][ T3282]  invoke_syscall+0x7c/0x104\n[  113.966984][ T3282]  el0_svc_common.constprop.1+0x88/0x104\n[  113.967652][ T3282]  do_el0_svc+0x2c/0x38\n[  113.968893][ T3282]  el0_svc+0x3c/0x1b8\n[  113.969379][ T3282]  el0t_64_sync_handler+0x98/0xbc\n[  113.969980][ T3282]  el0t_64_sync+0x19c/0x1a0\n[  113.970511][ T3282] ---[ end trace 0000000000000000 ]---\n\nTo fix this, clear the page tag reference after the page got isolated\nand accounted for."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:34:22.992Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/16ad36c8e66a26626e7d0224100b433483a2acef"
        },
        {
          "url": "https://git.kernel.org/stable/c/5e9784e997620af7c1399029282f5d6964b41942"
        }
      ],
      "title": "codetag: debug: mark codetags for poisoned page as empty",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46790",
    "datePublished": "2024-09-18T07:12:45.928Z",
    "dateReserved": "2024-09-11T15:12:18.278Z",
    "dateUpdated": "2025-05-04T09:34:22.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46790\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-18T08:15:06.010\",\"lastModified\":\"2024-11-22T16:38:14.873\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncodetag: debug: mark codetags for poisoned page as empty\\n\\nWhen PG_hwpoison pages are freed they are treated differently in\\nfree_pages_prepare() and instead of being released they are isolated.\\n\\nPage allocation tag counters are decremented at this point since the page\\nis considered not in use.  Later on when such pages are released by\\nunpoison_memory(), the allocation tag counters will be decremented again\\nand the following warning gets reported:\\n\\n[  113.930443][ T3282] ------------[ cut here ]------------\\n[  113.931105][ T3282] alloc_tag was not set\\n[  113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4\\n[  113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G        W          6.11.0-rc4-dirty #18\\n[  113.943003][ T3282] Tainted: [W]=WARN\\n[  113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\\n[  113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n[  113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.946706][ T3282] sp : ffff800087093a10\\n[  113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0\\n[  113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000\\n[  113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000\\n[  113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff\\n[  113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210\\n[  113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339\\n[  113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0\\n[  113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff\\n[  113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001\\n[  113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000\\n[  113.957962][ T3282] Call trace:\\n[  113.958350][ T3282]  pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.959000][ T3282]  pgalloc_tag_sub+0x14/0x1c\\n[  113.959539][ T3282]  free_unref_page+0xf4/0x4b8\\n[  113.960096][ T3282]  __folio_put+0xd4/0x120\\n[  113.960614][ T3282]  folio_put+0x24/0x50\\n[  113.961103][ T3282]  unpoison_memory+0x4f0/0x5b0\\n[  113.961678][ T3282]  hwpoison_unpoison+0x30/0x48 [hwpoison_inject]\\n[  113.962436][ T3282]  simple_attr_write_xsigned.isra.34+0xec/0x1cc\\n[  113.963183][ T3282]  simple_attr_write+0x38/0x48\\n[  113.963750][ T3282]  debugfs_attr_write+0x54/0x80\\n[  113.964330][ T3282]  full_proxy_write+0x68/0x98\\n[  113.964880][ T3282]  vfs_write+0xdc/0x4d0\\n[  113.965372][ T3282]  ksys_write+0x78/0x100\\n[  113.965875][ T3282]  __arm64_sys_write+0x24/0x30\\n[  113.966440][ T3282]  invoke_syscall+0x7c/0x104\\n[  113.966984][ T3282]  el0_svc_common.constprop.1+0x88/0x104\\n[  113.967652][ T3282]  do_el0_svc+0x2c/0x38\\n[  113.968893][ T3282]  el0_svc+0x3c/0x1b8\\n[  113.969379][ T3282]  el0t_64_sync_handler+0x98/0xbc\\n[  113.969980][ T3282]  el0t_64_sync+0x19c/0x1a0\\n[  113.970511][ T3282] ---[ end trace 0000000000000000 ]---\\n\\nTo fix this, clear the page tag reference after the page got isolated\\nand accounted for.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: codetag: debug: marcar los codetags de las p\u00e1ginas envenenadas como vac\u00edos Cuando se liberan las p\u00e1ginas PG_hwpoison, se las trata de forma diferente en free_pages_prepare() y, en lugar de liberarse, se las a\u00edsla. Los contadores de etiquetas de asignaci\u00f3n de p\u00e1ginas se reducen en este punto, ya que se considera que la p\u00e1gina no est\u00e1 en uso. M\u00e1s adelante, cuando unpoison_memory() libere dichas p\u00e1ginas, los contadores de etiquetas de asignaci\u00f3n se reducir\u00e1n nuevamente y se informar\u00e1 la siguiente advertencia: [ 113.930443][ T3282] ------------[ cortar aqu\u00ed ]------------ [ 113.931105][ T3282] alloc_tag no se configur\u00f3 [ 113.931576][ T3282] ADVERTENCIA: CPU: 2 PID: 3282 en ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 [ 113.932866][ T3282] M\u00f3dulos vinculados en: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 [ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: cargado Contaminado: GW 6.11.0-rc4-dirty #18 [ 113.943003][ T3282] Contaminado: [W]=WARN [ 113.943453][ T3282] Nombre del hardware: M\u00e1quina virtual KVM QEMU, BIOS desconocido 2/2/2022 [ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946706][ T3282] sp : ffff800087093a10 [ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 [ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 [ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 [ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffffff [ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 [ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 [ 113.954120][ T3282] x11: ffff800087093500 x10: 00000000000005d x9: 00000000ffffffd0 [ 113.955078][ T3282] x8: 7f7f7f7f7f7f7f7f x7: ffff80008236ba90 x6 : c0000000ffff7fff [ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 [ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 [ 113.957962][ T3282] Rastreo de llamadas: [ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 [ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c [ 113.959539][ T3282] p\u00e1gina libre sin referencia+0xf4/0x4b8 [ 113.960096][ T3282] __folio_put+0xd4/0x120 [ 113.960614][ T3282] folio_put+0x24/0x50 [ 113.961103][ T3282] memoria sin envenenar+0x4f0/0x5b0 [ 113.961678][ T3282] memoria sin envenenar+0x30/0x48 [hwpoison_inject] [ 113.962436][ T3282] escritura_attr_simple_xsigned.isra.34+0xec/0x1cc [ 113.963183][ T3282] escritura_attr_simple+0x38/0x48 [ 113.963750][ T3282] escritura_attr_debugfs+0x54/0x80 [ 113.964330][ T3282] escritura_proxy_completa+0x68/0x98 [ 113.964880][ T3282] escritura_vfs+0xdc/0x4d0 [ 113.965372][ T3282] escritura_ksys+0x78/0x100 [ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 [ 113.966440][ T3282] invocar_llamada_al_sistema+0x7c/0x104 [ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 [ 113.967652][ T3282] do_el0_svc+0x2c/0x38 [ 113.968893][ T3282] el0_svc+0x3c/0x1b8 [ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc [ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 [ 113.970511][ T3282] ---[ fin del seguimiento 0000000000000000 ]--- Para solucionar esto, borre la referencia de la etiqueta de p\u00e1gina despu\u00e9s de que la p\u00e1gina haya sido aislada y contabilizada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.10.10\",\"matchCriteriaId\":\"D16659A9-BECD-4E13-8994-B096652762E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/16ad36c8e66a26626e7d0224100b433483a2acef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5e9784e997620af7c1399029282f5d6964b41942\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46790\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T14:24:02.611316Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T14:24:03.776Z\"}}], \"cna\": {\"title\": \"codetag: debug: mark codetags for poisoned page as empty\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d224eb0287fb\", \"lessThan\": \"16ad36c8e66a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"d224eb0287fb\", \"lessThan\": \"5e9784e99762\", \"versionType\": \"git\"}], \"programFiles\": [\"mm/page_alloc.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.10\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.10\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.10.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"mm/page_alloc.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/16ad36c8e66a26626e7d0224100b433483a2acef\"}, {\"url\": \"https://git.kernel.org/stable/c/5e9784e997620af7c1399029282f5d6964b41942\"}], \"x_generator\": {\"engine\": \"bippy-9e1c9544281a\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncodetag: debug: mark codetags for poisoned page as empty\\n\\nWhen PG_hwpoison pages are freed they are treated differently in\\nfree_pages_prepare() and instead of being released they are isolated.\\n\\nPage allocation tag counters are decremented at this point since the page\\nis considered not in use.  Later on when such pages are released by\\nunpoison_memory(), the allocation tag counters will be decremented again\\nand the following warning gets reported:\\n\\n[  113.930443][ T3282] ------------[ cut here ]------------\\n[  113.931105][ T3282] alloc_tag was not set\\n[  113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4\\n[  113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G        W          6.11.0-rc4-dirty #18\\n[  113.943003][ T3282] Tainted: [W]=WARN\\n[  113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\\n[  113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n[  113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.946706][ T3282] sp : ffff800087093a10\\n[  113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0\\n[  113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000\\n[  113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000\\n[  113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff\\n[  113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210\\n[  113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339\\n[  113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0\\n[  113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff\\n[  113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001\\n[  113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000\\n[  113.957962][ T3282] Call trace:\\n[  113.958350][ T3282]  pgalloc_tag_sub.part.66+0x154/0x164\\n[  113.959000][ T3282]  pgalloc_tag_sub+0x14/0x1c\\n[  113.959539][ T3282]  free_unref_page+0xf4/0x4b8\\n[  113.960096][ T3282]  __folio_put+0xd4/0x120\\n[  113.960614][ T3282]  folio_put+0x24/0x50\\n[  113.961103][ T3282]  unpoison_memory+0x4f0/0x5b0\\n[  113.961678][ T3282]  hwpoison_unpoison+0x30/0x48 [hwpoison_inject]\\n[  113.962436][ T3282]  simple_attr_write_xsigned.isra.34+0xec/0x1cc\\n[  113.963183][ T3282]  simple_attr_write+0x38/0x48\\n[  113.963750][ T3282]  debugfs_attr_write+0x54/0x80\\n[  113.964330][ T3282]  full_proxy_write+0x68/0x98\\n[  113.964880][ T3282]  vfs_write+0xdc/0x4d0\\n[  113.965372][ T3282]  ksys_write+0x78/0x100\\n[  113.965875][ T3282]  __arm64_sys_write+0x24/0x30\\n[  113.966440][ T3282]  invoke_syscall+0x7c/0x104\\n[  113.966984][ T3282]  el0_svc_common.constprop.1+0x88/0x104\\n[  113.967652][ T3282]  do_el0_svc+0x2c/0x38\\n[  113.968893][ T3282]  el0_svc+0x3c/0x1b8\\n[  113.969379][ T3282]  el0t_64_sync_handler+0x98/0xbc\\n[  113.969980][ T3282]  el0t_64_sync+0x19c/0x1a0\\n[  113.970511][ T3282] ---[ end trace 0000000000000000 ]---\\n\\nTo fix this, clear the page tag reference after the page got isolated\\nand accounted for.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-05T09:46:41.289Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46790\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-05T09:46:41.289Z\", \"dateReserved\": \"2024-09-11T15:12:18.278Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-18T07:12:45.928Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.