cve-2024-50155
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
I am still seeing many syzbot reports hinting that syzbot
might fool nsim_dev_trap_report_work() with hundreds of ports [1]
Lets use cond_resched(), and system_unbound_wq
instead of implicit system_wq.
[1]
INFO: task syz-executor:20633 blocked for more than 143 seconds.
Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006
...
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0
RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246
RAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00
RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577
R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000
R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/netdevsim/dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "24973f4b64f93232a48fe78029385de762a2418d", "status": "affected", "version": "0193e0660cc6689c794794b471492923cfd7bfbc", "versionType": "git" }, { "lessThan": "681ce79ab6fba2f8d1c5ea60239f0086baebd0d3", "status": "affected", "version": "6eecddd9c3c8d6e3a097531cdc6d500335b35e46", "versionType": "git" }, { "lessThan": "32f054f93937b548c61b3bf57d8f4aefc50f3b16", "status": "affected", "version": "ba5e1272142d051dcc57ca1d3225ad8a089f9858", "versionType": "git" }, { "lessThan": "a1494d532e28598bde7a5544892ef9c7dbfafa93", "status": "affected", "version": "ba5e1272142d051dcc57ca1d3225ad8a089f9858", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/netdevsim/dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.8" }, { "lessThan": "6.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:17.477Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/24973f4b64f93232a48fe78029385de762a2418d" }, { "url": "https://git.kernel.org/stable/c/681ce79ab6fba2f8d1c5ea60239f0086baebd0d3" }, { "url": "https://git.kernel.org/stable/c/32f054f93937b548c61b3bf57d8f4aefc50f3b16" }, { "url": "https://git.kernel.org/stable/c/a1494d532e28598bde7a5544892ef9c7dbfafa93" } ], "title": "netdevsim: use cond_resched() in nsim_dev_trap_report_work()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50155", "datePublished": "2024-11-07T09:31:31.848Z", "dateReserved": "2024-10-21T19:36:19.960Z", "dateUpdated": "2024-12-19T09:34:17.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50155\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-07T10:15:07.060\",\"lastModified\":\"2024-11-22T14:51:14.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\\n\\nI am still seeing many syzbot reports hinting that syzbot\\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\\n\\nLets use cond_resched(), and system_unbound_wq\\ninstead of implicit system_wq.\\n\\n[1]\\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\\n\\\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\\\" disables this message.\\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\\n...\\nNMI backtrace for cpu 1\\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\\nWorkqueue: events nsim_dev_trap_report_work\\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cNMI\u003e\\n \u003c/NMI\u003e\\n \u003cTASK\u003e\\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\\n process_one_work kernel/workqueue.c:3229 [inline]\\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\\n kthread+0x2f0/0x390 kernel/kthread.c:389\\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netdevsim: use cond_resched() en nsim_dev_trap_report_work() Todav\u00eda veo muchos informes de syzbot que insin\u00faan que syzbot podr\u00eda enga\u00f1ar a nsim_dev_trap_report_work() con cientos de puertos [1] Usemos cond_resched() y system_unbound_wq en lugar de system_wq impl\u00edcito. [1] INFORMACI\u00d3N: tarea syz-executor:20633 bloqueada durante m\u00e1s de 143 segundos. No contaminada 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 \\\"echo 0 \u0026gt; /proc/sys/kernel/hung_task_timeout_secs\\\" deshabilita este mensaje. tarea:syz-executor estado:D pila:25856 pid:20633 tgid:20633 ppid:1 indicadores:0x00004006 ... Seguimiento NMI para CPU 1 CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 No contaminado 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: eventos nsim_dev_trap_report_work RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210 C\u00f3digo: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0 RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246 RAX: 00000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00 RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577 R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000 R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Seguimiento de llamadas: __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 spin_unlock_bh include/linux/spinlock.h:396 [en l\u00ednea] nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [en l\u00ednea] nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850 process_one_work kernel/workqueue.c:3229 [en l\u00ednea] process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310 subproceso de trabajo+0x870/0xd30 kernel/workqueue.c:3391 subproceso de trabajo+0x2f0/0x390 kernel/kthread.c:389 ret_de_la_bifurcaci\u00f3n+0x4b/0x80 arch/x86/kernel/process.c:147 ret_de_la_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.78\",\"versionEndExcluding\":\"6.1.115\",\"matchCriteriaId\":\"80209D88-BDC2-46A8-958C-8C3C2CB7A8DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.17\",\"versionEndExcluding\":\"6.6.59\",\"matchCriteriaId\":\"48CE9A35-DDD2-46CB-81AC-06D8D92D6DD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.6\",\"matchCriteriaId\":\"2CAA29A6-36B4-4C90-A862-A816F65153DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BD1A9C-5078-4672-8D42-E5BEDD8E13F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/24973f4b64f93232a48fe78029385de762a2418d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/32f054f93937b548c61b3bf57d8f4aefc50f3b16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/681ce79ab6fba2f8d1c5ea60239f0086baebd0d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a1494d532e28598bde7a5544892ef9c7dbfafa93\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.