CVE-2024-53187
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53187
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53187.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-53187
- Downstream
- Related
- Published
- 2024-12-27T13:49:30Z
- Modified
- 2025-10-22T05:58:05.891781Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- io_uring: check for overflows in io_pin_pages
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iouring: check for overflows in iopin_pages
WARNING: CPU: 0 PID: 5834 at iouring/memmap.c:144 iopinpages+0x149/0x180 iouring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace: <TASK> _iouaddrmap+0xfb/0x2d0 iouring/memmap.c:183 ioringsmap iouring/iouring.c:2611 [inline] ioallocatescqurings+0x1c0/0x650 iouring/iouring.c:3470 iouringcreate+0x5b5/0xc00 iouring/iouring.c:3692 iouringsetup iouring/io_uring.c:3781 [inline] ... </TASK>
iopinpages()'s uaddr parameter came directly from the user and can be garbage. Don't just add size to it as it can overflow.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2b188cc1bb857a9d4701ae59aa7768b5124e262eFixed29eac3eca72d4c2a71122050c37cd7d8f73ac4f3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2b188cc1bb857a9d4701ae59aa7768b5124e262eFixedaaa90844afd499c9142d0199dfda74439314c013
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2b188cc1bb857a9d4701ae59aa7768b5124e262eFixed0c0a4eae26ac78379d0c1db053de168a8febc6c9
Affected versions
v5.*
v5.0
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.10
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.11.7
v6.11.8
v6.11.9
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "57055476934432750181875100511673964183",
"length": 714.0
},
"target": {
"function": "io_pin_pages",
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-2fa52e57",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c0a4eae26ac78379d0c1db053de168a8febc6c9",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"168159303135054739387064898915198734341",
"32182729450771334686442242027457215377",
"120226594074314084264659929357299186660",
"13573824020529892772805146511137251259"
],
"threshold": 0.9
},
"target": {
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-45e7808c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@29eac3eca72d4c2a71122050c37cd7d8f73ac4f3",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "36836239186234739198645081436728918932",
"length": 646.0
},
"target": {
"function": "io_pin_pages",
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-5c51c9b5",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaa90844afd499c9142d0199dfda74439314c013",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"168159303135054739387064898915198734341",
"32182729450771334686442242027457215377",
"120226594074314084264659929357299186660",
"13573824020529892772805146511137251259"
],
"threshold": 0.9
},
"target": {
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-6e92b53d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c0a4eae26ac78379d0c1db053de168a8febc6c9",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"168159303135054739387064898915198734341",
"32182729450771334686442242027457215377",
"120226594074314084264659929357299186660",
"13573824020529892772805146511137251259"
],
"threshold": 0.9
},
"target": {
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-7853f6c9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaa90844afd499c9142d0199dfda74439314c013",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "36836239186234739198645081436728918932",
"length": 646.0
},
"target": {
"function": "io_pin_pages",
"file": "io_uring/memmap.c"
},
"id": "CVE-2024-53187-ccf91f98",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@29eac3eca72d4c2a71122050c37cd7d8f73ac4f3",
"signature_type": "Function"
}
]