ghsa-2j8j-3mm8-v4qx
Vulnerability from github
Published
2024-12-27 15:31
Modified
2024-12-27 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

slab: Fix too strict alignment check in create_cache()

On m68k, where the minimum alignment of unsigned long is 2 bytes:

Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22
CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783
Stack from 0102fe5c:
    0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b
    0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044
    0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007
    01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4
    00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004
    00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88
Call Trace: [<00425e78>] dump_stack+0xc/0x10
 [<0041eb74>] panic+0xd8/0x26c
 [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8
 [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8
 [<0041e5f0>] memset+0x0/0x8c
 [<005f67c0>] io_uring_init+0x54/0xd2

The minimal alignment of an integral type may differ from its size, hence is not safe to assume that an arbitrary freeptr_t (which is basically an unsigned long) is always aligned to 4 or 8 bytes.

As nothing seems to require the additional alignment, it is safe to fix this by relaxing the check to the actual minimum alignment of freeptr_t.

Show details on source website

To clipboard 

{
   affected: [],
   aliases: [
      "CVE-2024-56560",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-12-27T15:15:14Z",
      severity: null,
   },
   details: "In the Linux kernel, the following vulnerability has been resolved:\n\nslab: Fix too strict alignment check in create_cache()\n\nOn m68k, where the minimum alignment of unsigned long is 2 bytes:\n\n    Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22\n    CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783\n    Stack from 0102fe5c:\n\t    0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b\n\t    0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044\n\t    0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007\n\t    01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4\n\t    00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004\n\t    00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88\n    Call Trace: [<00425e78>] dump_stack+0xc/0x10\n     [<0041eb74>] panic+0xd8/0x26c\n     [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8\n     [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8\n     [<0041e5f0>] memset+0x0/0x8c\n     [<005f67c0>] io_uring_init+0x54/0xd2\n\nThe minimal alignment of an integral type may differ from its size,\nhence is not safe to assume that an arbitrary freeptr_t (which is\nbasically an unsigned long) is always aligned to 4 or 8 bytes.\n\nAs nothing seems to require the additional alignment, it is safe to fix\nthis by relaxing the check to the actual minimum alignment of freeptr_t.",
   id: "GHSA-2j8j-3mm8-v4qx",
   modified: "2024-12-27T15:31:53Z",
   published: "2024-12-27T15:31:53Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56560",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.