CVE-2024-38588

CVE Details

Release Date: 2024-06-19

Description


In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix possible use-after-free issue in ftrace_location()

KASAN reports a bug:

  BUG: KASAN: use-after-free in ftrace_location+0x90/0x120
  Read of size 8 at addr ffff888141d40010 by task insmod/424
  CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+
  [...]
  Call Trace:
   dump_stack_lvl+0x68/0xa0
   print_report+0xcf/0x610
   kasan_report+0xb5/0xe0
   ftrace_location+0x90/0x120
   register_kprobe+0x14b/0xa40
   kprobe_init+0x2d/0xff0 [kprobe_example]
   do_one_initcall+0x8f/0x2d0
   do_init_module+0x13a/0x3c0
   load_module+0x3082/0x33d0
   init_module_from_file+0xd2/0x130
   __x64_sys_finit_module+0x306/0x440
   do_syscall_64+0x68/0x140
   entry_SYSCALL_64_after_hwframe+0x71/0x79

The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted:

  CPU1                                 | CPU2
  register_kprobes() {                 | delete_module() {
    check_kprobe_address_safe() {      |
      arch_check_ftrace_location() {   |
        ftrace_location() {            |
          lookup_rec() // USE!         |   ftrace_release_mod() // Free!

To fix this issue:

1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();
2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location();
3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().

See more information about CVE-2024-38588 from MITRE CVE dictionary and NIST NVD
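
As an added example (not part of the advisory or the kernel patch), the Python sketch below triages kernel logs for KASAN reports carrying the signature quoted in the description: a use-after-free in ftrace_location() reached from register_kprobe(). The names parse_kasan and classify, the abridged first report and the invented second report (demo_fill, demo_mod) are assumptions made for illustration.

```python
import re

# Patterns: KASAN header, access line, one call-trace frame, optional dmesg timestamp.
HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr [0-9a-f]+ by task (?P<task>\S+)/(?P<pid>\d+)")
FRAME = re.compile(r"^(?:\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[\w+\])?$")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")

def parse_kasan(log):
    """Return one dict per KASAN report: kind, faulting func, access info, trace frames."""
    reports, cur, in_trace = [], None, False
    for raw in log.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if m := HEADER.search(line):
            cur, in_trace = {"kind": m["kind"], "func": m["func"], "frames": []}, False
            reports.append(cur)
        elif cur and (m := ACCESS.search(line)):
            cur.update(op=m["op"], size=int(m["size"]), task=m["task"], pid=int(m["pid"]))
        elif cur and line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            cur["frames"].append(m["func"])
        elif line == "</TASK>" or line.endswith(":"):
            in_trace = False  # end of this trace ("Allocated by task N:" etc. follow)
    return reports

def classify(report):
    """'match': path from the advisory; 'related': same faulting function; else 'other'."""
    if not (report["kind"].endswith("use-after-free") and report["func"] == "ftrace_location"):
        return "other"
    path = [f for f in report["frames"] if f in ("ftrace_location", "register_kprobe")]
    return "match" if path[:2] == ["ftrace_location", "register_kprobe"] else "related"

# Constructed sample: report 1 is abridged from the advisory text, report 2 is invented.
SAMPLE = """\
BUG: KASAN: use-after-free in ftrace_location+0x90/0x120
Read of size 8 at addr ffff888141d40010 by task insmod/424
Call Trace:
 kasan_report+0xb5/0xe0
 ftrace_location+0x90/0x120
 register_kprobe+0x14b/0xa40
 kprobe_init+0x2d/0xff0 [kprobe_example]
[   51.200000] BUG: KASAN: slab-out-of-bounds in demo_fill+0x1c/0x60 [demo_mod]
[   51.200001] Call Trace:
[   51.200002]  demo_fill+0x1c/0x60 [demo_mod]
"""

if __name__ == "__main__":
    for r in parse_kasan(SAMPLE):
        print(classify(r), r["kind"], r["func"], r.get("task"), r["frames"])
```

KASAN reports only appear on kernels built with CONFIG_KASAN, so this check suits CI and fuzzing logs rather than production hosts.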


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.2
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H
Attack Vector: Local network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: High

Errata information


Platform                             Errata            Release Date
Oracle Linux version 8 (kernel-uek)  ELSA-2024-12618   2024-09-12
Oracle Linux version 9 (kernel-uek)  ELSA-2024-12618   2024-09-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
