In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdevunregisterparent() Inject fault while probing mdpy.ko, if kstrdup() of createdir() fails in kobjectaddinternal() in kobjectinitandadd() in mdevtypeadd() in parentcreatesysfsfiles(), it will return 0 and probe successfully. And when rmmod mdpy.ko, the mdpydevexit() will call mdevunregisterparent(), the mdevtyperemove() may traverse uninitialized parent->types[i] in parentremovesysfsfiles(), and it will cause below null-ptr-deref. If mdevtypeadd() fails, return the error code and ksetunregister() to fix the issue. general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 2 PID: 10215 Comm: rmmod Tainted: G W N 6.6.0-rc2+ #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:kobjectdel+0x62/0x1c0 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8 RSP: 0018:ffff88810695fd30 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1 R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000 R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660 FS: 00007fbc81981540(0000) GS:ffff888119d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc14a142dc0 CR3: 0000000110a62003 CR4: 0000000000770ee0 DR0: ffffffff8fb0bce8 DR1: ffffffff8fb0bce9 DR2: ffffffff8fb0bcea DR3: ffffffff8fb0bceb DR6: 00000000fffe0ff0 DR7: 0000000000000600 PKRU: 55555554 Call Trace: <TASK> ? dieaddr+0x3d/0xa0 ? excgeneralprotection+0x144/0x220 ? asmexcgeneralprotection+0x22/0x30 ? _kobjectdel+0x62/0x1c0 kobjectdel+0x32/0x50 parentremovesysfsfiles+0xd6/0x170 [mdev] mdevunregisterparent+0xfb/0x190 [mdev] ? mdevregisterparent+0x270/0x270 [mdev] ? findmoduleall+0x9d/0xe0 mdpydevexit+0x17/0x63 [mdpy] _dosysdeletemodule.constprop.0+0x2fa/0x4b0 ? moduleflags+0x300/0x300 ? _fput+0x4e7/0xa00 dosyscall64+0x35/0x80 entrySYSCALL64afterhwframe+0x46/0xb0 RIP: 0033:0x7fbc813221b7 Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffe780e0648 EFLAGS: 00000206 ORIGRAX: 00000000000000b0 RAX: ffffffffffffffda RBX: 00007ffe780e06a8 RCX: 00007fbc813221b7 RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055e214df9b58 RBP: 000055e214df9af0 R08: 00007ffe780df5c1 R09: 0000000000000000 R10: 00007fbc8139ecc0 R11: 0000000000000206 R12: 00007ffe780e0870 R13: 00007ffe780e0ed0 R14: 000055e214df9260 R15: 000055e214df9af0 </TASK> Modules linked in: mdpy(-) mdev vfioiommutype1 vfio [last unloaded: mdpy] Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace 0000000000000000 ]--- RIP: 0010:kobjectdel+0x62/0x1c0 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8 RSP: 0018:ffff88810695fd30 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1 R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000 R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660 FS: 00007fbc81981540(0000) GS:ffff888119d00000(000 ---truncated---
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-gcp-6.5-headers-6.5.0-1013" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-gcp-6.5-tools-6.5.0-1013" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-headers-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1013-gcp-dbgsym" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-modules-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-1013-gcp" }, { "binary_version": "6.5.0-1013.13~22.04.1", "binary_name": "linux-tools-6.5.0-1013-gcp" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-buildinfo-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-buildinfo-6.5.0-17-generic-64k" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-headers-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-headers-6.5.0-17-generic-64k" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-cloud-tools-6.5.0-17" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-headers-6.5.0-17" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-tools-6.5.0-17" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-6.5.0-17-generic-dbgsym" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-generic-64k" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-generic-64k-dbgsym" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-generic-dbgsym" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-6.5.0-17-generic-64k" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-extra-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-ipu6-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-ivsc-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-source-6.5.0" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-tools-6.5.0-17-generic" }, { "binary_version": "6.5.0-17.17~22.04.1", "binary_name": "linux-tools-6.5.0-17-generic-64k" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-17-lowlatency-64k" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-headers-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-headers-6.5.0-17-lowlatency-64k" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-lowlatency-64k" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-lowlatency-64k-dbgsym" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-17-lowlatency-dbgsym" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-6.5.0-17" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-headers-6.5.0-17" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-lib-rust-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-6.5.0-17" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-modules-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-modules-6.5.0-17-lowlatency-64k" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-tools-6.5.0-17-lowlatency" }, { "binary_version": "6.5.0-17.17.1.1.1~22.04.1", "binary_name": "linux-tools-6.5.0-17-lowlatency-64k" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-1014.14", "binary_name": "linux-buildinfo-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-buildinfo-6.5.0-1014-nvidia-64k" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-headers-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-headers-6.5.0-1014-nvidia-64k" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-image-unsigned-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-image-unsigned-6.5.0-1014-nvidia-64k" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-image-unsigned-6.5.0-1014-nvidia-64k-dbgsym" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-image-unsigned-6.5.0-1014-nvidia-dbgsym" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-modules-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-modules-6.5.0-1014-nvidia-64k" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-modules-extra-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-modules-nvidia-fs-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-modules-nvidia-fs-6.5.0-1014-nvidia-64k" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-nvidia-6.5-headers-6.5.0-1014" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-nvidia-6.5-tools-6.5.0-1014" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-nvidia-6.5-tools-host" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-tools-6.5.0-1014-nvidia" }, { "binary_version": "6.5.0-1014.14", "binary_name": "linux-tools-6.5.0-1014-nvidia-64k" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-1014.15", "binary_name": "linux-buildinfo-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-headers-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-image-unsigned-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-image-unsigned-6.5.0-1014-oem-dbgsym" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-modules-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-modules-ipu6-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-modules-ivsc-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-modules-iwlwifi-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-modules-usbio-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-oem-6.5-headers-6.5.0-1014" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-oem-6.5-lib-rust-6.5.0-1014-oem" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-oem-6.5-tools-6.5.0-1014" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-oem-6.5-tools-host" }, { "binary_version": "6.5.0-1014.15", "binary_name": "linux-tools-6.5.0-1014-oem" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1015-oracle" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-headers-6.5.0-1015-oracle" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1015-oracle" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1015-oracle-dbgsym" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-modules-6.5.0-1015-oracle" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1015-oracle" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-oracle-6.5-headers-6.5.0-1015" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-oracle-6.5-tools-6.5.0-1015" }, { "binary_version": "6.5.0-1015.15~22.04.1", "binary_name": "linux-tools-6.5.0-1015-oracle" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "6.7.0-1001.1", "binary_name": "linux-buildinfo-6.7.0-1001-raspi" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-headers-6.7.0-1001-raspi" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-image-6.7.0-1001-raspi" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-image-6.7.0-1001-raspi-dbgsym" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-modules-6.7.0-1001-raspi" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-raspi-headers-6.7.0-1001" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-raspi-tools-6.7.0-1001" }, { "binary_version": "6.7.0-1001.1", "binary_name": "linux-tools-6.7.0-1001-raspi" } ] }