CVE-2024-38588

ULN >
Oracle Linux CVE repository >
CVE-2024-38588

CVE Details

Release Date:

2024-06-19

Description

In the Linux kernel, the following vulnerability has been resolved:\nftrace: Fix possible use-after-free issue in ftrace_location()\nKASAN reports a bug:\nBUG: KASAN: use-after-free in ftrace_location+0x90/0x120\nRead of size 8 at addr ffff888141d40010 by task insmod/424\nCPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+\n[...]\nCall Trace:\n\ndump_stack_lvl+0x68/0xa0\nprint_report+0xcf/0x610\nkasan_report+0xb5/0xe0\nftrace_location+0x90/0x120\nregister_kprobe+0x14b/0xa40\nkprobe_init+0x2d/0xff0 [kprobe_example]\ndo_one_initcall+0x8f/0x2d0\ndo_init_module+0x13a/0x3c0\nload_module+0x3082/0x33d0\ninit_module_from_file+0xd2/0x130\n__x64_sys_finit_module+0x306/0x440\ndo_syscall_64+0x68/0x140\nentry_SYSCALL_64_after_hwframe+0x71/0x79\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\nCPU1 | CPU2\nregister_kprobes() { | delete_module() {\ncheck_kprobe_address_safe() { |\narch_check_ftrace_location() { |\nftrace_location() { |\nlookup_rec() // USE! | ftrace_release_mod() // Free!\nTo fix this issue:\n1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n2. Use ftrace_location_range() instead of lookup_rec() in\nftrace_location();\n3. Call synchronize_rcu() before freeing any ftrace pages both in\nftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().

See more information about CVE-2024-38588 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	5.2	CVSS Vector:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
Attack Vector:	Local network	Attack Complexity:	High
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	Low
Integrity Impact:	Low	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12618	2024-09-12
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12618	2024-09-12

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691