CVE-2024-43890

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem. Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6	Patch
https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c	Patch
https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5	Patch
https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8	Patch
https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143	Patch
https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da	Patch
https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18	Patch
https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::

History

05 Sep 2024, 18:48

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: corrige el desbordamiento en get_free_elt() "tracing_map->next_elt" en get_free_elt() corre el riesgo de desbordarse. Una vez que se desborda, aún se pueden insertar nuevos elementos en tracing_map aunque se haya alcanzado el número máximo de elementos (`max_elts`). Continuar insertando elementos después del desbordamiento podría dar como resultado que tracing_map contenga elementos "tracing_map->max_size", sin dejar entradas vacías. Si se intenta insertar un elemento en un tracing_map completo usando `__tracing_map_insert()`, se producirá un bucle infinito con la preferencia deshabilitada, lo que provocará un problema de bloqueo de la CPU. Solucione este problema evitando incrementos adicionales en "tracing_map->next_elt" una vez que llegue a "tracing_map->max_elt".
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-190
References	~~() https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6 -~~	() https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6 - Patch
References	~~() https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c -~~	() https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c - Patch
References	~~() https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5 -~~	() https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5 - Patch
References	~~() https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8 -~~	() https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8 - Patch
References	~~() https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143 -~~	() https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143 - Patch
References	~~() https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da -~~	() https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da - Patch
References	~~() https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 -~~	() https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 - Patch
References	~~() https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a -~~	() https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a - Patch

26 Aug 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-26 11:15

Updated : 2024-09-05 18:48

NVD link : CVE-2024-43890

Mitre link : CVE-2024-43890

CVE.ORG link : CVE-2024-43890

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-43890", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-26T11:15:04.040", "references": [{"url": "https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix overflow in get_free_elt()\n\n\"tracing_map->next_elt\" in get_free_elt() is at risk of overflowing.\n\nOnce it overflows, new elements can still be inserted into the tracing_map\neven though the maximum number of elements (`max_elts`) has been reached.\nContinuing to insert elements after the overflow could result in the\ntracing_map containing \"tracing_map->max_size\" elements, leaving no empty\nentries.\nIf any attempt is made to insert an element into a full tracing_map using\n`__tracing_map_insert()`, it will cause an infinite loop with preemption\ndisabled, leading to a CPU hang problem.\n\nFix this by preventing any further increments to \"tracing_map->next_elt\"\nonce it reaches \"tracing_map->max_elt\"."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: corrige el desbordamiento en get_free_elt() \"tracing_map->next_elt\" en get_free_elt() corre el riesgo de desbordarse. Una vez que se desborda, a\u00fan se pueden insertar nuevos elementos en tracing_map aunque se haya alcanzado el n\u00famero m\u00e1ximo de elementos (`max_elts`). Continuar insertando elementos despu\u00e9s del desbordamiento podr\u00eda dar como resultado que tracing_map contenga elementos \"tracing_map->max_size\", sin dejar entradas vac\u00edas. Si se intenta insertar un elemento en un tracing_map completo usando `__tracing_map_insert()`, se producir\u00e1 un bucle infinito con la preferencia deshabilitada, lo que provocar\u00e1 un problema de bloqueo de la CPU. Solucione este problema evitando incrementos adicionales en \"tracing_map->next_elt\" una vez que llegue a \"tracing_map->max_elt\"."}], "lastModified": "2024-09-05T18:48:30.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5445A05-438F-486B-AA08-94074DAF4196", "versionEndExcluding": "4.19.320", "versionStartIncluding": "4.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8961D98-9ACF-4188-BA88-44038B14BC28", "versionEndExcluding": "5.4.282", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CCEDF13-293D-4E64-B501-4409D0365AFE", "versionEndExcluding": "5.10.224", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4E2B568-3171-41DE-B519-F2B1A3600D94", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BEB24B-0F37-4C92-A397-564DA7CD8EE9", "versionEndExcluding": "6.1.105", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA11941E-81FB-484C-B583-881EEB488340", "versionEndExcluding": "6.6.46", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D074AE50-4A5E-499C-A2FD-75FD60DEA560", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}

5.5 /10