Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-41065

Disclosure Date: July 29, 2024 •

CVE-2024-41065

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Whitelist dtl slub object for copying to userspace

Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*
results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as
shown below.

kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc
scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse
CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85
Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries
NIP:  c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8
REGS: c000000120c078c0 TRAP: 0700   Not tainted  (6.10.0-rc3)
MSR:  8000000000029033 <SF,EE,ME,IR,DR,RI,LE>  CR: 2828220f  XER: 0000000e
CFAR: c0000000001fdc80 IRQMASK: 0
[ ... GPRs omitted ... ]
NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0
LR [c0000000005d23d0] usercopy_abort+0x74/0xb0
Call Trace:
 usercopy_abort+0x74/0xb0 (unreliable)
 __check_heap_object+0xf8/0x120
 check_heap_object+0x218/0x240
 __check_object_size+0x84/0x1a4
 dtl_file_read+0x17c/0x2c4
 full_proxy_read+0x8c/0x110
 vfs_read+0xdc/0x3a0
 ksys_read+0x84/0x144
 system_call_exception+0x124/0x330
 system_call_vectored_common+0x15c/0x2ec
--- interrupt: 3000 at 0x7fff81f3ab34

Commit 6d07d1cd300f (“usercopy: Restrict non-usercopy caches to size 0”)
requires that only whitelisted areas in slab/slub objects can be copied to
userspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.
Dtl contains hypervisor dispatch events which are expected to be read by
privileged users. Hence mark this safe for user access.
Specify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the
entire object.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-41065 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065)

Miscellaneous

https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6

https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd

https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f

https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2

https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a

https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4

https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586

Rapid7

Unknown

CVE-2024-41065

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-41065

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-41065

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-41065

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification