CVE-2024-41001

{"id": "CVE-2024-41001", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-12T13:15:21.053", "references": [{"url": "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there's a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 2e481b1a):\n[<00000000c0a26af4>] kmemleak_alloc+0x30/0x38\n[<000000009c30bb45>] kmalloc_trace+0x228/0x358\n[<000000009da9d39f>] __audit_sockaddr+0xd0/0x138\n[<0000000089a93e34>] move_addr_to_kernel+0x1a0/0x1f8\n[<000000000b4e80e6>] io_connect_prep+0x1ec/0x2d4\n[<00000000abfbcd99>] io_submit_sqes+0x588/0x1e48\n[<00000000e7c25e07>] io_sq_thread+0x8a4/0x10e4\n[<00000000d999b491>] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n audit call.\n2) The thread hasn't done any operations before this that triggered\n an audit call inside ->issue(), where we have audit_uring_entry()\n and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring/sqpoll: soluci\u00f3n alternativa a una posible p\u00e9rdida de memoria de auditor\u00eda. kmemleak se queja de que hay una p\u00e9rdida de memoria relacionada con el manejo de la conexi\u00f3n: objeto sin referencia 0xffff0001093bdf00 (tama\u00f1o 128): comm \"iou-sqp-455 \", pid 457, jiffies 4294894164 volcado hexadecimal (primeros 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc 2e481b1a): [&lt;00000000c0a26af4&gt;] kmemleak_alloc+0x30/0x38 [&lt;000000009c30bb45&gt;] kmalloc_trace+0x228/0x358 [&lt;000000009da9d39f&gt;] __audit_sockaddr+0xd0/0x138 [&lt;0000000089a93e34&gt;] move_addr_to_kernel+0x1a0/0x1f8 [&lt;000000000b4e80e6&gt;] connect_prep+0x1ec/0x2d4 [&lt;00000000abfbcd99&gt;] io_submit_sqes+0x588/0x1e48 [&lt;00000000e7c25e07&gt;] io_sq_thread+0x8a4/0x10e4 [&lt;00000000d999b491&gt;] ret_from_fork+0x10/0x20 lo que puede suceder si: 1) El tipo de comando hace algo en el lado de preparaci\u00f3n que desencadena una llamada de auditor\u00eda. 2) El hilo no ha realizado ninguna operaci\u00f3n antes de esto que haya desencadenado una llamada de auditor\u00eda dentro de -&gt;issue(), donde tenemos audit_uring_entry() y audit_uring_exit(). Evite esto emitiendo una operaci\u00f3n NOP general antes de que SQPOLL haga algo."}], "lastModified": "2024-11-21T09:32:02.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35AF7215-0096-45EB-86C7-28C9322438E1", "versionEndExcluding": "6.1.96"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}