CVE-2024-57994

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57994
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57994.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-57994
Published
2025-02-27T02:15:13Z
Modified
2025-03-10T05:00:04Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()

Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page() to increase test coverage.

syzbot found a splat caused by hard irq blocking in ptr_ring_resize_multiple() [1]

As current users of ptr_ring_resize_multiple() do not require hard irqs being masked, replace it to only block BH.

Rename helpers to better reflect they are safe against BH only.

  • ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()
  • skb_array_resize_multiple() to skb_array_resize_multiple_bh()

[1]

WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_page net/core/page_pool.c:709 [inline]
WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780
Modules linked in:
CPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:page_pool_put_page net/core/page_pool.c:709 [inline]
RIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780
Code: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 <0f> 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85
RSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083
RAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843
RBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d
R10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040
R13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff
FS:  00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 tun_ptr_free drivers/net/tun.c:617 [inline]
 __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]
 ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]
 tun_queue_resize drivers/net/tun.c:3694 [inline]
 tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714
 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]
 call_netdevice_notifiers net/core/dev.c:2046 [inline]
 dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024
 do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923
 rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201
 rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}