THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-26946

kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address

AssignerLinux
Reserved2024-02-19
Published2024-05-01
Updated2024-07-05

Description

In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ]

Product status

Default status
unaffected

cc66bb914578 before 641768431508
affected

cc66bb914578 before f13edd1871d4
affected

cc66bb914578 before 20fdb21eabae
affected

cc66bb914578 before b69f577308f1
affected

cc66bb914578 before 4e51653d5d87
affected

Default status
affected

5.18
affected

Any version before 5.18
unaffected

6.1.84
unaffected

6.6.24
unaffected

6.7.12
unaffected

6.8.3
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6

https://git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3

https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861

https://git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483

https://git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b

cve.org CVE-2024-26946

nvd.nist.gov CVE-2024-26946

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26946
© Copyright 2024 THREATINT. Made in Cyprus with +