CVE-2024-53049

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53049
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53049.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-53049
Downstream
Related
Published
2024-11-19T18:15:25Z
Modified
2024-11-22T17:01:54Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

slub/kunit: fix a WARNING due to unwrapped _kmalloccache_noprof

'modprobe slubkunit' will have a warning as shown below. The root cause is that _kmalloccachenoprof was directly used, which resulted in no alloctag being allocated. This caused current->alloctag to be null, leading to a warning in alloctagadd_check.

Let's add an allochook layer to _kmalloccachenoprof specifically within lib/slub_kunit.c, which is the only user of this internal slub function outside kmalloc implementation itself.

[58162.947016] WARNING: CPU: 2 PID: 6210 at ./include/linux/alloctag.h:125 alloctaggingslaballochook+0x268/0x27c [58162.957721] Call trace: [58162.957919] alloctaggingslaballochook+0x268/0x27c [58162.958286] _kmalloccachenoprof+0x14c/0x344 [58162.958615] testkmallocredzoneaccess+0x50/0x10c [slubkunit] [58162.959045] kunittryruncase+0x74/0x184 [kunit] [58162.959401] kunitgenericrunthreadfnadapter+0x2c/0x4c [kunit] [58162.959841] kthread+0x10c/0x118 [58162.960093] retfrom_fork+0x10/0x20 [58162.960363] ---[ end trace 0000000000000000 ]---

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.11.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}