Linux Kernel up to 6.11.6 lib/slub_kunit.c __kmalloc_cache_noprof allocation of resources

Summaryinfo

A vulnerability classified as problematic has been found in Linux Kernel up to 6.11.6. This impacts the function __kmalloc_cache_noprof in the library lib/slub_kunit.c. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2024-53049. No exploit is available. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.11.6 and classified as problematic. This issue affects the function __kmalloc_cache_noprof in the library lib/slub_kunit.c. The manipulation with an unknown input leads to a allocation of resources vulnerability. Using CWE to declare the problem leads to CWE-770. The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof 'modprobe slub_kunit' will have a warning as shown below. The root cause is that __kmalloc_cache_noprof was directly used, which resulted in no alloc_tag being allocated. This caused current->alloc_tag to be null, leading to a warning in alloc_tag_add_check. Let's add an alloc_hook layer to __kmalloc_cache_noprof specifically within lib/slub_kunit.c, which is the only user of this internal slub function outside kmalloc implementation itself. [58162.947016] WARNING: CPU: 2 PID: 6210 at ./include/linux/alloc_tag.h:125 alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.957721] Call trace: [58162.957919] alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.958286] __kmalloc_cache_noprof+0x14c/0x344 [58162.958615] test_kmalloc_redzone_access+0x50/0x10c [slub_kunit] [58162.959045] kunit_try_run_case+0x74/0x184 [kunit] [58162.959401] kunit_generic_run_threadfn_adapter+0x2c/0x4c [kunit] [58162.959841] kthread+0x10c/0x118 [58162.960093] ret_from_fork+0x10/0x20 [58162.960363] ---[ end trace 0000000000000000 ]---

The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2024-53049 since 11/19/2024. The exploitation is known to be difficult. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 216493 (Ubuntu 24.10 : Linux kernel vulnerabilities (USN-7276-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.11.7 eliminates this vulnerability. Applying the patch 79aea7dfd98f/2b059d0d1e62 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (216493) and CERT Bund (WID-SEC-2024-3509). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Affected

• Google Container-Optimized OS
• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• RESF Rocky Linux
• Dell NetWorker
• Open Source Linux Kernel
• Dell Avamar
• IBM QRadar SIEM
• IBM DataPower Gateway
• Dell PowerProtect Data Domain

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.11.0
• 6.11.1
• 6.11.2
• 6.11.3
• 6.11.4
• 6.11.5
• 6.11.6

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion