ghsa-mxxf-4gg8-94vw
Vulnerability from github
Published
2024-08-26 12:31
Modified
2024-09-05 21:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix overflow in get_free_elt()

"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.

Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (max_elts) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using __tracing_map_insert(), it will cause an infinite loop with preemption disabled, leading to a CPU hang problem.

Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-43890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T11:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map-\u003enext_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map-\u003emax_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map-\u003enext_elt\"\nonce it reaches \"tracing_map-\u003emax_elt\".",
  "id": "GHSA-mxxf-4gg8-94vw",
  "modified": "2024-09-05T21:31:33Z",
  "published": "2024-08-26T12:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43890"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.