CVE-2024-57934 in Linuxالمعلومات

الملخص

بحسب MITRE • 21/01/2025

In the Linux kernel, the following vulnerability has been resolved:

fgraph: Add READ_ONCE() when accessing fgraph_array[]

In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward.

However, if the compiler reloads fgraph_array[] after this check, it might
race with an update to fgraph_array[] that introduces a fgraph_stub. This
could result in the stub being processed, but the stub contains a null "func_hash" field, leading to a NULL pointer dereference.

To ensure that the gops compared against the fgraph_stub matches the gops processed later, add a READ_ONCE(). A similar patch appears in commit 63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

Linux

حجز

19/01/2025

إفشاء

21/01/2025

الاعتدال

تمت الموافقة

إدخال

VDB-292672

EPSS

0.00165

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!