Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-26712

Disclosure Date: April 03, 2024 •

CVE-2024-26712

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kasan: Fix addr error caused by page alignment

In kasan_init_region, when k_start is not page aligned, at the begin of
for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then
va = block + k_cur - k_start is less than block, the addr va is invalid,
because the memory address space from va to block is not alloced by
memblock_alloc, which will not be reserved by memblock_reserve later, it
will be used by other places.

As a result, memory overwriting occurs.

for example:
int __init __weak kasan_init_region(void *start, size_t size)
{
[…]

/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */
block = memblock_alloc(k_end - k_start, PAGE_SIZE);
[...]
for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
	/* at the begin of for loop
	 * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)
	 * va(dcd96c00) is less than block(dcd97000), va is invalid
	 */
	void *va = block + k_cur - k_start;
	[...]
}

[…]
}

Therefore, page alignment is performed on k_start before
memblock_alloc() to ensure the validity of the VA address.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-26712 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26712)

Miscellaneous

https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882

https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6

https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058

https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe

https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25

https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Rapid7

Unknown

CVE-2024-26712

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26712

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-26712

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26712

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification