CVE-2024-53049

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53049

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof 'modprobe slub_kunit' will have a warning as shown below. The root cause is that __kmalloc_cache_noprof was directly used, which resulted in no alloc_tag being allocated. This caused current->alloc_tag to be null, leading to a warning in alloc_tag_add_check. Let's add an alloc_hook layer to __kmalloc_cache_noprof specifically within lib/slub_kunit.c, which is the only user of this internal slub function outside kmalloc implementation itself. [58162.947016] WARNING: CPU: 2 PID: 6210 at ./include/linux/alloc_tag.h:125 alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.957721] Call trace: [58162.957919] alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.958286] __kmalloc_cache_noprof+0x14c/0x344 [58162.958615] test_kmalloc_redzone_access+0x50/0x10c [slub_kunit] [58162.959045] kunit_try_run_case+0x74/0x184 [kunit] [58162.959401] kunit_generic_run_threadfn_adapter+0x2c/0x4c [kunit] [58162.959841] kthread+0x10c/0x118 [58162.960093] ret_from_fork+0x10/0x20 [58162.960363] ---[ end trace 0000000000000000 ]---

References
Link Resource
https://git.kernel.org/stable/c/2b059d0d1e624adc6e69a754bc48057f8bf459dc Patch
https://git.kernel.org/stable/c/79aea7dfd98fbbf282d1408fc21849fc9a677768 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
History

22 Nov 2024, 17:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/2b059d0d1e624adc6e69a754bc48057f8bf459dc - () https://git.kernel.org/stable/c/2b059d0d1e624adc6e69a754bc48057f8bf459dc - Patch
References () https://git.kernel.org/stable/c/79aea7dfd98fbbf282d1408fc21849fc9a677768 - () https://git.kernel.org/stable/c/79aea7dfd98fbbf282d1408fc21849fc9a677768 - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: slub/kunit: se corrige una ADVERTENCIA debido a que __kmalloc_cache_noprof sin encapsular 'modprobe slub_kunit' tendrá una advertencia como la que se muestra a continuación. La causa principal es que se utilizó __kmalloc_cache_noprof directamente, lo que resultó en que no se asignara alloc_tag. Esto provocó que current->alloc_tag fuera nulo, lo que generó una advertencia en alloc_tag_add_check. Agreguemos una capa alloc_hook a __kmalloc_cache_noprof específicamente dentro de lib/slub_kunit.c, que es el único usuario de esta función slub interna fuera de la implementación de kmalloc en sí. [58162.947016] ADVERTENCIA: CPU: 2 PID: 6210 en ./include/linux/alloc_tag.h:125 alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.957721] Rastreo de llamadas: [58162.957919] alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.958286] __kmalloc_cache_noprof+0x14c/0x344 [58162.958615] test_kmalloc_redzone_access+0x50/0x10c [slub_kunit] [58162.959045] kunit_try_run_case+0x74/0x184 [kunit] [58162.959401] kunit_generic_run_threadfn_adapter+0x2c/0x4c [kunit] [58162.959841] kthread+0x10c/0x118 [58162.960093] ret_from_fork+0x10/0x20 [58162.960363] ---[ fin de seguimiento 0000000000000000 ]---
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
CWE NVD-CWE-noinfo

19 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-19 18:15

Updated : 2025-10-01 21:16

NVD link : CVE-2024-53049

Mitre link : CVE-2024-53049

CVE.ORG link : CVE-2024-53049

JSON object : View

Products Affected

linux

CWE
NVD-CWE-noinfo