Linux Kernel up to 6.12.3 slab create_cache denial of service

Summaryinfo

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.3. This affects the function create_cache of the component slab. This manipulation causes denial of service. The identification of this vulnerability is CVE-2024-56560. There is no exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Linux Kernel up to 6.12.3 and classified as critical. Affected by this vulnerability is the function create_cache of the component slab. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: slab: Fix too strict alignment check in create_cache() On m68k, where the minimum alignment of unsigned long is 2 bytes: Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22 CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783 Stack from 0102fe5c: 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88 Call Trace: [] dump_stack+0xc/0x10 [] panic+0xd8/0x26c [] __kmem_cache_create_args+0x278/0x2e8 [] __kmem_cache_create_args+0x0/0x2e8 [] memset+0x0/0x8c [] io_uring_init+0x54/0xd2 The minimal alignment of an integral type may differ from its size, hence is not safe to assume that an arbitrary freeptr_t (which is basically an unsigned long) is always aligned to 4 or 8 bytes. As nothing seems to require the additional alignment, it is safe to fix this by relaxing the check to the actual minimum alignment of freeptr_t.

The advisory is shared at git.kernel.org. This vulnerability is known as CVE-2024-56560 since 12/27/2024. The exploitation appears to be difficult. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 246884 (Linux Distros Unpatched Vulnerability : CVE-2024-56560), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.12.4 eliminates this vulnerability. Applying the patch 8b5aea5e5186733fa4e5aa4293b0a65a933f1a16/9008fe8fad8255edfdbecea32d7eb0485d939d0d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (246884) and CERT Bund (WID-SEC-2024-3762). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• RESF Rocky Linux
• Dell NetWorker
• Dell Avamar
• Red Hat OpenShift
• IBM QRadar SIEM
• Dell PowerProtect Data Domain
• Open Source Linux Kernel
• IBM DataPower Gateway
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.12.0
• 6.12.1
• 6.12.2
• 6.12.3

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion