CVE-2024-38568

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38568
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38568.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38568
Downstream
Related
Published
2024-06-19T13:35:34Z
Modified
2025-10-15T12:43:37.664755Z
Summary
drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group

The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the eventgroup array. If the number of events in an eventgroup is greater than HNS3PMUMAXHWEVENTS, the memory write overflow of event_group array occurs.

Add array index check to fix the possible array out of bounds violation, and return directly when write new events are written to array bounds.

There are 9 different events in an event_group. [1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66637ab137b44914356a9dc7a9b3f8ebcf0b0695
Fixed
3669baf308308385a2ab391324abdde5682af5aa
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66637ab137b44914356a9dc7a9b3f8ebcf0b0695
Fixed
be1fa711e59c874d049f592aef1d4685bdd22bdf
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66637ab137b44914356a9dc7a9b3f8ebcf0b0695
Fixed
b5120d322763c15c978bc47beb3b6dff45624304
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66637ab137b44914356a9dc7a9b3f8ebcf0b0695
Fixed
aa2d3d678895c8eedd003f1473f87d3f06fe6ec7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
66637ab137b44914356a9dc7a9b3f8ebcf0b0695
Fixed
81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e

Affected versions

v5.*

v5.19
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "227848542426135749650059761419217658061",
                    "48995873868544875572101008686063931126",
                    "316494427388257505416063358437535960234",
                    "110341734570665479850564625131248085650",
                    "273992299718025182238509656517241657503",
                    "45416000029387775944833504941744670893",
                    "225788687972160165138220468356608605289",
                    "47769041152143365932725979063599360346",
                    "155793584126601062118009173817993454600",
                    "172551347376801035252082831463435458622",
                    "15958873413655238639398777048380868728"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-2da5ac66"
        },
        {
            "digest": {
                "length": 640.0,
                "function_hash": "264931902141925246815446657243813216408"
            },
            "target": {
                "function": "hns3_pmu_validate_event_group",
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be1fa711e59c874d049f592aef1d4685bdd22bdf",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-3adde89d"
        },
        {
            "digest": {
                "length": 640.0,
                "function_hash": "264931902141925246815446657243813216408"
            },
            "target": {
                "function": "hns3_pmu_validate_event_group",
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-48dd46ee"
        },
        {
            "digest": {
                "length": 640.0,
                "function_hash": "264931902141925246815446657243813216408"
            },
            "target": {
                "function": "hns3_pmu_validate_event_group",
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa2d3d678895c8eedd003f1473f87d3f06fe6ec7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-615b694b"
        },
        {
            "digest": {
                "line_hashes": [
                    "227848542426135749650059761419217658061",
                    "48995873868544875572101008686063931126",
                    "316494427388257505416063358437535960234",
                    "110341734570665479850564625131248085650",
                    "273992299718025182238509656517241657503",
                    "45416000029387775944833504941744670893",
                    "225788687972160165138220468356608605289",
                    "47769041152143365932725979063599360346",
                    "155793584126601062118009173817993454600",
                    "172551347376801035252082831463435458622",
                    "15958873413655238639398777048380868728"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5120d322763c15c978bc47beb3b6dff45624304",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-661cd34d"
        },
        {
            "digest": {
                "length": 640.0,
                "function_hash": "264931902141925246815446657243813216408"
            },
            "target": {
                "function": "hns3_pmu_validate_event_group",
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3669baf308308385a2ab391324abdde5682af5aa",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-7fe4125a"
        },
        {
            "digest": {
                "line_hashes": [
                    "227848542426135749650059761419217658061",
                    "48995873868544875572101008686063931126",
                    "316494427388257505416063358437535960234",
                    "110341734570665479850564625131248085650",
                    "273992299718025182238509656517241657503",
                    "45416000029387775944833504941744670893",
                    "225788687972160165138220468356608605289",
                    "47769041152143365932725979063599360346",
                    "155793584126601062118009173817993454600",
                    "172551347376801035252082831463435458622",
                    "15958873413655238639398777048380868728"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be1fa711e59c874d049f592aef1d4685bdd22bdf",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-9a2db95b"
        },
        {
            "digest": {
                "length": 640.0,
                "function_hash": "264931902141925246815446657243813216408"
            },
            "target": {
                "function": "hns3_pmu_validate_event_group",
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b5120d322763c15c978bc47beb3b6dff45624304",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-ab49fe89"
        },
        {
            "digest": {
                "line_hashes": [
                    "227848542426135749650059761419217658061",
                    "48995873868544875572101008686063931126",
                    "316494427388257505416063358437535960234",
                    "110341734570665479850564625131248085650",
                    "273992299718025182238509656517241657503",
                    "45416000029387775944833504941744670893",
                    "225788687972160165138220468356608605289",
                    "47769041152143365932725979063599360346",
                    "155793584126601062118009173817993454600",
                    "172551347376801035252082831463435458622",
                    "15958873413655238639398777048380868728"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3669baf308308385a2ab391324abdde5682af5aa",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-baaed8fb"
        },
        {
            "digest": {
                "line_hashes": [
                    "227848542426135749650059761419217658061",
                    "48995873868544875572101008686063931126",
                    "316494427388257505416063358437535960234",
                    "110341734570665479850564625131248085650",
                    "273992299718025182238509656517241657503",
                    "45416000029387775944833504941744670893",
                    "225788687972160165138220468356608605289",
                    "47769041152143365932725979063599360346",
                    "155793584126601062118009173817993454600",
                    "172551347376801035252082831463435458622",
                    "15958873413655238639398777048380868728"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/perf/hisilicon/hns3_pmu.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aa2d3d678895c8eedd003f1473f87d3f06fe6ec7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-38568-d9b23e66"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.93
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.12
Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.3