cve-2024-50212
Vulnerability from cvelistv5
Published
2024-11-09 10:14
Modified
2024-12-19 09:35
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
Ben Greear reports following splat:
------------[ cut here ]------------
net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload
WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0
Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat
...
Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020
RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0
codetag_unload_module+0x19b/0x2a0
? codetag_load_module+0x80/0x80
nf_nat module exit calls kfree_rcu on those addresses, but the free
operation is likely still pending by the time alloc_tag checks for leaks.
Wait for outstanding kfree_rcu operations to complete before checking
resolves this warning.
Reproducer:
unshare -n iptables-nft -t nat -A PREROUTING -p tcp
grep nf_nat /proc/allocinfo # will list 4 allocations
rmmod nft_chain_nat
rmmod nf_nat # will WARN.
[akpm@linux-foundation.org: add comment]
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "lib/codetag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "24211fb49c9ac1b576470b7e393a5a0b50af2707", "status": "affected", "version": "a473573964e51dcb6efc182f773cd3924be4a184", "versionType": "git" }, { "lessThan": "dc783ba4b9df3fb3e76e968b2cbeb9960069263c", "status": "affected", "version": "a473573964e51dcb6efc182f773cd3924be4a184", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "lib/codetag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.10" }, { "lessThan": "6.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: alloc_tag_module_unload must wait for pending kfree_rcu calls\n\nBen Greear reports following splat:\n ------------[ cut here ]------------\n net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload\n WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0\n Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat\n...\n Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020\n RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0\n codetag_unload_module+0x19b/0x2a0\n ? codetag_load_module+0x80/0x80\n\nnf_nat module exit calls kfree_rcu on those addresses, but the free\noperation is likely still pending by the time alloc_tag checks for leaks.\n\nWait for outstanding kfree_rcu operations to complete before checking\nresolves this warning.\n\nReproducer:\nunshare -n iptables-nft -t nat -A PREROUTING -p tcp\ngrep nf_nat /proc/allocinfo # will list 4 allocations\nrmmod nft_chain_nat\nrmmod nf_nat # will WARN.\n\n[akpm@linux-foundation.org: add comment]" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:35:32.997Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/24211fb49c9ac1b576470b7e393a5a0b50af2707" }, { "url": "https://git.kernel.org/stable/c/dc783ba4b9df3fb3e76e968b2cbeb9960069263c" } ], "title": "lib: alloc_tag_module_unload must wait for pending kfree_rcu calls", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50212", "datePublished": "2024-11-09T10:14:24.249Z", "dateReserved": "2024-10-21T19:36:19.971Z", "dateUpdated": "2024-12-19T09:35:32.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-50212\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-09T11:15:04.940\",\"lastModified\":\"2024-11-12T13:56:24.513\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nlib: alloc_tag_module_unload must wait for pending kfree_rcu calls\\n\\nBen Greear reports following splat:\\n ------------[ cut here ]------------\\n net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload\\n WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0\\n Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat\\n...\\n Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020\\n RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0\\n codetag_unload_module+0x19b/0x2a0\\n ? codetag_load_module+0x80/0x80\\n\\nnf_nat module exit calls kfree_rcu on those addresses, but the free\\noperation is likely still pending by the time alloc_tag checks for leaks.\\n\\nWait for outstanding kfree_rcu operations to complete before checking\\nresolves this warning.\\n\\nReproducer:\\nunshare -n iptables-nft -t nat -A PREROUTING -p tcp\\ngrep nf_nat /proc/allocinfo # will list 4 allocations\\nrmmod nft_chain_nat\\nrmmod nf_nat # will WARN.\\n\\n[akpm@linux-foundation.org: add comment]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib: alloc_tag_module_unload debe esperar llamadas kfree_rcu pendientes Ben Greear informa del siguiente splat: ------------[ cortar aqu\u00ed ]------------ net/netfilter/nf_nat_core.c:1114 m\u00f3dulo nf_nat func:nf_nat_register_fn tiene 256 asignados en la descarga del m\u00f3dulo ADVERTENCIA: CPU: 1 PID: 10421 en lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0 M\u00f3dulos vinculados en: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Nombre del hardware: Cadena predeterminada Cadena predeterminada/SKYBAY, BIOS 5.12 08/04/2020 RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0 codetag_unload_module+0x19b/0x2a0 ? codetag_load_module+0x80/0x80 La salida del m\u00f3dulo nf_nat llama a kfree_rcu en esas direcciones, pero es probable que la operaci\u00f3n de liberaci\u00f3n a\u00fan est\u00e9 pendiente en el momento en que alloc_tag verifique si hay fugas. Espere a que se completen las operaciones kfree_rcu pendientes antes de que la verificaci\u00f3n resuelva esta advertencia. Reproductor: unshare -n iptables-nft -t nat -A PREROUTING -p tcp grep nf_nat /proc/allocinfo # enumerar\u00e1 4 asignaciones rmmod nft_chain_nat rmmod nf_nat # emitir\u00e1 una ADVERTENCIA. [akpm@linux-foundation.org: agregar comentario]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/24211fb49c9ac1b576470b7e393a5a0b50af2707\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc783ba4b9df3fb3e76e968b2cbeb9960069263c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.