CVE-2024-50222

WARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmaplocalindexed+0x62/0xc9 CPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2 ... copypagefromiteratomic+0xa6/0x5ec genericperformwrite+0xf6/0x1b4 shmemfilewrite_iter+0x54/0x67

Fix copypagefromiteratomic() by limiting it in that case (include/linux/skbuff.h skbfragmust_loop() does similar).

But going forward, perhaps CONFIGDEBUGKMAPLOCALFORCE_MAP is too surprising, has outlived its usefulness, and should just be removed?

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

908a1ad89466c1febf20bfe0037b84fc66f8a3f8

Fixed

4f7ffa83fa79dd52efbaef366c850aaaae06a469

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

908a1ad89466c1febf20bfe0037b84fc66f8a3f8

Fixed

3a303409f271dfe0987b8f79595138340497a32d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

908a1ad89466c1febf20bfe0037b84fc66f8a3f8

Fixed

c749d9b7ebbc5716af7a95f7768634b30d9446ec

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.11.2

v6.11.3

v6.11.4

v6.11.5

v6.11.6

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.5

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-50222-02bf9cd9",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 577.0,
            "function_hash": "156583866506050436154786463874547442457"
        },
        "target": {
            "function": "copy_page_from_iter_atomic",
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a303409f271dfe0987b8f79595138340497a32d",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-50222-043133fc",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "204972246202362863207905383777073537367",
                "246107876875981700908941424477660087988",
                "174320704423253348218438031595245682291",
                "86461641576612492676174904531817766691",
                "30793947236016922995300490101432796813",
                "301654204034709378666805833207329851687",
                "116021592185717417981460081231870204855",
                "173233218498764649273264345427804000499",
                "260235183764604311482225338324599230617",
                "43309767394056860938572771738270871978",
                "281850396471512723579099544858066762299",
                "170308226958184604692635004641752574466"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a303409f271dfe0987b8f79595138340497a32d",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-50222-2dc3a7df",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 577.0,
            "function_hash": "156583866506050436154786463874547442457"
        },
        "target": {
            "function": "copy_page_from_iter_atomic",
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c749d9b7ebbc5716af7a95f7768634b30d9446ec",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-50222-579eb6f8",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "204972246202362863207905383777073537367",
                "246107876875981700908941424477660087988",
                "174320704423253348218438031595245682291",
                "86461641576612492676174904531817766691",
                "30793947236016922995300490101432796813",
                "301654204034709378666805833207329851687",
                "116021592185717417981460081231870204855",
                "173233218498764649273264345427804000499",
                "260235183764604311482225338324599230617",
                "43309767394056860938572771738270871978",
                "281850396471512723579099544858066762299",
                "170308226958184604692635004641752574466"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c749d9b7ebbc5716af7a95f7768634b30d9446ec",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2024-50222-e6f2b5ef",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 683.0,
            "function_hash": "146291071841828578165762968178562262701"
        },
        "target": {
            "function": "copy_page_from_iter_atomic",
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f7ffa83fa79dd52efbaef366c850aaaae06a469",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-50222-f7f895e7",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "204972246202362863207905383777073537367",
                "246107876875981700908941424477660087988",
                "174320704423253348218438031595245682291",
                "86461641576612492676174904531817766691",
                "30793947236016922995300490101432796813",
                "301654204034709378666805833207329851687",
                "116021592185717417981460081231870204855",
                "173233218498764649273264345427804000499",
                "260235183764604311482225338324599230617",
                "43309767394056860938572771738270871978",
                "281850396471512723579099544858066762299",
                "170308226958184604692635004641752574466"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "lib/iov_iter.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f7ffa83fa79dd52efbaef366c850aaaae06a469",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.60

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.11.7