CVE-2024-26712

CVE Details

Release Date:

2024-04-03

Description

In the Linux kernel, the following vulnerability has been resolved:\npowerpc/kasan: Fix addr error caused by page alignment\nIn kasan_init_region, when k_start is not page aligned, at the begin of\nfor loop, k_cur = k_start & PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not alloced by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\nAs a result, memory overwriting occurs.\nfor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\nblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\n[...]\nfor (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {\n/* at the begin of for loop\n* block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n* va(dcd96c00) is less than block(dcd97000), va is invalid\n*/\nvoid *va = block + k_cur - k_start;\n[...]\n}\n[...]\n}\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address.

See more information about CVE-2024-26712 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14