跳转到帖子

Huawei EulerOS: CVE-2024-47692: kernel security update

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Huawei EulerOS: CVE-2024-47692: kernel security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
10/21/2024
Created
02/12/2025
Added
02/11/2025
Modified
02/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered. [ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 [ T1205] Call Trace: [ T1205]dump_stack+0x9a/0xd0 [ T1205]? nfs4_client_to_reclaim+0xe9/0x260 [ T1205]__kasan_report.cold+0x34/0x84 [ T1205]? nfs4_client_to_reclaim+0xe9/0x260 [ T1205]kasan_report+0x3a/0x50 [ T1205]nfs4_client_to_reclaim+0xe9/0x260 [ T1205]? nfsd4_release_lockowner+0x410/0x410 [ T1205]cld_pipe_downcall+0x5ca/0x760 [ T1205]? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205]? down_write_killable_nested+0x170/0x170 [ T1205]? avc_policy_seqno+0x28/0x40 [ T1205]? selinux_file_permission+0x1b4/0x1e0 [ T1205]rpc_pipe_write+0x84/0xb0 [ T1205]vfs_write+0x143/0x520 [ T1205]ksys_write+0xc9/0x170 [ T1205]? __ia32_sys_read+0x50/0x50 [ T1205]? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205]? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205]do_syscall_64+0x33/0x40 [ T1205]entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001 [ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ================================================================== Fix it by checking namelen.

Solution(s)

  • huawei-euleros-2_0_sp11-upgrade-bpftool
  • huawei-euleros-2_0_sp11-upgrade-kernel
  • huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists
  • huawei-euleros-2_0_sp11-upgrade-kernel-tools
  • huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs
  • huawei-euleros-2_0_sp11-upgrade-python3-perf

References

  • https://attackerkb.com/topics/cve-2024-47692
  • CVE - 2024-47692
  • EulerOS-SA-2025-1159
  • 引用
  • Mention
    • 查看数 693
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表