跳转到帖子

Ubuntu: (Multiple Advisories) (CVE-2024-46853): Linux kernel vulnerabilities

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Ubuntu: (Multiple Advisories) (CVE-2024-46853): Linux kernel vulnerabilities

Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
09/27/2024
Created
12/14/2024
Added
12/13/2024
Modified
01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd if=3b of=/dev/mtd0 [ 36.926103] ================================================================== [ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455 [ 36.946721] [ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070 [ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT) [ 36.961260] Call trace: [ 36.963723]dump_backtrace+0x90/0xe8 [ 36.967414]show_stack+0x18/0x24 [ 36.970749]dump_stack_lvl+0x78/0x90 [ 36.974451]print_report+0x114/0x5cc [ 36.978151]kasan_report+0xa4/0xf0 [ 36.981670]__asan_report_load_n_noabort+0x1c/0x28 [ 36.986587]nxp_fspi_exec_op+0x26ec/0x2838 [ 36.990800]spi_mem_exec_op+0x8ec/0xd30 [ 36.994762]spi_mem_no_dirmap_read+0x190/0x1e0 [ 36.999323]spi_mem_dirmap_write+0x238/0x32c [ 37.003710]spi_nor_write_data+0x220/0x374 [ 37.007932]spi_nor_write+0x110/0x2e8 [ 37.011711]mtd_write_oob_std+0x154/0x1f0 [ 37.015838]mtd_write_oob+0x104/0x1d0 [ 37.019617]mtd_write+0xb8/0x12c [ 37.022953]mtdchar_write+0x224/0x47c [ 37.026732]vfs_write+0x1e4/0x8c8 [ 37.030163]ksys_write+0xec/0x1d0 [ 37.033586]__arm64_sys_write+0x6c/0x9c [ 37.037539]invoke_syscall+0x6c/0x258 [ 37.041327]el0_svc_common.constprop.0+0x160/0x22c [ 37.046244]do_el0_svc+0x44/0x5c [ 37.049589]el0_svc+0x38/0x78 [ 37.052681]el0t_64_sync_handler+0x13c/0x158 [ 37.057077]el0t_64_sync+0x190/0x194 [ 37.060775] [ 37.062274] Allocated by task 455: [ 37.065701]kasan_save_stack+0x2c/0x54 [ 37.069570]kasan_save_track+0x20/0x3c [ 37.073438]kasan_save_alloc_info+0x40/0x54 [ 37.077736]__kasan_kmalloc+0xa0/0xb8 [ 37.081515]__kmalloc_noprof+0x158/0x2f8 [ 37.085563]mtd_kmalloc_up_to+0x120/0x154 [ 37.089690]mtdchar_write+0x130/0x47c [ 37.093469]vfs_write+0x1e4/0x8c8 [ 37.096901]ksys_write+0xec/0x1d0 [ 37.100332]__arm64_sys_write+0x6c/0x9c [ 37.104287]invoke_syscall+0x6c/0x258 [ 37.108064]el0_svc_common.constprop.0+0x160/0x22c [ 37.112972]do_el0_svc+0x44/0x5c [ 37.116319]el0_svc+0x38/0x78 [ 37.119401]el0t_64_sync_handler+0x13c/0x158 [ 37.123788]el0t_64_sync+0x190/0x194 [ 37.127474] [ 37.128977] The buggy address belongs to the object at ffff00081037c2a0 [ 37.128977]which belongs to the cache kmalloc-8 of size 8 [ 37.141177] The buggy address is located 0 bytes inside of [ 37.141177]allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3) [ 37.153465] [ 37.154971] The buggy address belongs to the physical page: [ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c [ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.175149] page_type: 0xfdffffff(slab) [ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000 [ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000 [ 37.194553] page dumped because: kasan: bad access detected [ 37.200144] [ 37.201647] Memory state around the buggy address: [ 37.206460]ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 37.213701]ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc [ 37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc [ 37.228186]^ [ 37.232473]ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239718]ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.246962] ============================================================== ---truncated---

Solution(s)

  • ubuntu-upgrade-linux-image-5-15-0-1039-xilinx-zynqmp
  • ubuntu-upgrade-linux-image-5-15-0-1056-gkeop
  • ubuntu-upgrade-linux-image-5-15-0-1066-ibm
  • ubuntu-upgrade-linux-image-5-15-0-1066-raspi
  • ubuntu-upgrade-linux-image-5-15-0-1068-nvidia
  • ubuntu-upgrade-linux-image-5-15-0-1068-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-5-15-0-1070-gke
  • ubuntu-upgrade-linux-image-5-15-0-1070-kvm
  • ubuntu-upgrade-linux-image-5-15-0-1071-intel-iotg
  • ubuntu-upgrade-linux-image-5-15-0-1071-oracle
  • ubuntu-upgrade-linux-image-5-15-0-1072-gcp
  • ubuntu-upgrade-linux-image-5-15-0-1073-aws
  • ubuntu-upgrade-linux-image-5-15-0-1078-azure
  • ubuntu-upgrade-linux-image-5-15-0-127-generic
  • ubuntu-upgrade-linux-image-5-15-0-127-generic-64k
  • ubuntu-upgrade-linux-image-5-15-0-127-generic-lpae
  • ubuntu-upgrade-linux-image-5-15-0-127-lowlatency
  • ubuntu-upgrade-linux-image-5-15-0-127-lowlatency-64k
  • ubuntu-upgrade-linux-image-6-8-0-1002-gkeop
  • ubuntu-upgrade-linux-image-6-8-0-1015-gke
  • ubuntu-upgrade-linux-image-6-8-0-1016-raspi
  • ubuntu-upgrade-linux-image-6-8-0-1017-ibm
  • ubuntu-upgrade-linux-image-6-8-0-1017-oracle
  • ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k
  • ubuntu-upgrade-linux-image-6-8-0-1018-oem
  • ubuntu-upgrade-linux-image-6-8-0-1019-gcp
  • ubuntu-upgrade-linux-image-6-8-0-1019-nvidia
  • ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k
  • ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k
  • ubuntu-upgrade-linux-image-6-8-0-1020-aws
  • ubuntu-upgrade-linux-image-6-8-0-1020-azure
  • ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde
  • ubuntu-upgrade-linux-image-6-8-0-50-generic
  • ubuntu-upgrade-linux-image-6-8-0-50-generic-64k
  • ubuntu-upgrade-linux-image-6-8-0-50-lowlatency
  • ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k
  • ubuntu-upgrade-linux-image-aws
  • ubuntu-upgrade-linux-image-aws-lts-22-04
  • ubuntu-upgrade-linux-image-azure
  • ubuntu-upgrade-linux-image-azure-cvm
  • ubuntu-upgrade-linux-image-azure-fde
  • ubuntu-upgrade-linux-image-azure-lts-22-04
  • ubuntu-upgrade-linux-image-gcp
  • ubuntu-upgrade-linux-image-gcp-lts-22-04
  • ubuntu-upgrade-linux-image-generic
  • ubuntu-upgrade-linux-image-generic-64k
  • ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
  • ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
  • ubuntu-upgrade-linux-image-generic-hwe-20-04
  • ubuntu-upgrade-linux-image-generic-hwe-22-04
  • ubuntu-upgrade-linux-image-generic-hwe-24-04
  • ubuntu-upgrade-linux-image-generic-lpae
  • ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
  • ubuntu-upgrade-linux-image-gke
  • ubuntu-upgrade-linux-image-gke-5-15
  • ubuntu-upgrade-linux-image-gkeop
  • ubuntu-upgrade-linux-image-gkeop-5-15
  • ubuntu-upgrade-linux-image-gkeop-6-8
  • ubuntu-upgrade-linux-image-ibm
  • ubuntu-upgrade-linux-image-ibm-classic
  • ubuntu-upgrade-linux-image-ibm-lts-24-04
  • ubuntu-upgrade-linux-image-intel
  • ubuntu-upgrade-linux-image-intel-iotg
  • ubuntu-upgrade-linux-image-kvm
  • ubuntu-upgrade-linux-image-lowlatency
  • ubuntu-upgrade-linux-image-lowlatency-64k
  • ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
  • ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
  • ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04
  • ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
  • ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
  • ubuntu-upgrade-linux-image-lowlatency-hwe-24-04
  • ubuntu-upgrade-linux-image-nvidia
  • ubuntu-upgrade-linux-image-nvidia-6-8
  • ubuntu-upgrade-linux-image-nvidia-64k
  • ubuntu-upgrade-linux-image-nvidia-64k-6-8
  • ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
  • ubuntu-upgrade-linux-image-nvidia-hwe-22-04
  • ubuntu-upgrade-linux-image-nvidia-lowlatency
  • ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
  • ubuntu-upgrade-linux-image-oem-20-04
  • ubuntu-upgrade-linux-image-oem-20-04b
  • ubuntu-upgrade-linux-image-oem-20-04c
  • ubuntu-upgrade-linux-image-oem-20-04d
  • ubuntu-upgrade-linux-image-oem-22-04
  • ubuntu-upgrade-linux-image-oem-22-04a
  • ubuntu-upgrade-linux-image-oem-22-04b
  • ubuntu-upgrade-linux-image-oem-22-04c
  • ubuntu-upgrade-linux-image-oem-22-04d
  • ubuntu-upgrade-linux-image-oem-24-04
  • ubuntu-upgrade-linux-image-oem-24-04a
  • ubuntu-upgrade-linux-image-oracle
  • ubuntu-upgrade-linux-image-oracle-64k
  • ubuntu-upgrade-linux-image-oracle-lts-22-04
  • ubuntu-upgrade-linux-image-raspi
  • ubuntu-upgrade-linux-image-raspi-nolpae
  • ubuntu-upgrade-linux-image-virtual
  • ubuntu-upgrade-linux-image-virtual-hwe-20-04
  • ubuntu-upgrade-linux-image-virtual-hwe-22-04
  • ubuntu-upgrade-linux-image-virtual-hwe-24-04
  • ubuntu-upgrade-linux-image-xilinx-zynqmp

References

  • https://attackerkb.com/topics/cve-2024-46853
  • CVE - 2024-46853
  • USN-7154-1
  • USN-7154-2
  • USN-7155-1
  • USN-7156-1
  • USN-7166-1
  • USN-7166-2
  • USN-7166-3
  • USN-7166-4
  • USN-7186-1
  • USN-7186-2
  • USN-7194-1
  • USN-7196-1
View more
  • 引用
  • Mention
    • 查看数 693
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表