CVE-2024-50132
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50132
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50132.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-50132
- Related
- Published
- 2024-11-05T18:15:15Z
- Modified
- 2024-11-16T05:50:02.211242Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: Fix MAXTRACEARGS limit handling
When creating a traceprobe we would set nrargs prior to truncating the arguments to MAXTRACEARGS. However, we would only initialize arguments up to the limit.
This caused invalid memory access when attempting to set up probes with more than 128 fetchargs.
BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: errorcode(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:setprint_fmt+0x134/0x330
Resolve the issue by applying the MAXTRACEARGS limit earlier. Return an error when there are too many arguments instead of silently truncating.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.11.6-1