CVE-2024-26850
Vulnerability from cvelistv5
Published
2024-04-17 10:14
Modified
2024-12-19 08:48
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. This patch marks the ptes used for PUD advanced test devmap pte entries so that we don't hit on debug checks on architecture like ppc64 as below. WARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138 .... NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138 LR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60 Call Trace: [c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable) [c000000004a2f980] [000d34c100000000] 0xd34c100000000 [c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388 Also kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202! .... NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 Call Trace: [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable) [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388
Impacted products
Vendor Product Version
Linux Linux Version: 6.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2a9510c0e39d06f5544075c13040407bdbf2803"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eeeddf85fc58d48c58ad916e4ca12363ebd8ab21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/720da1e593b85a550593b415bf1d79a053133451"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26850",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:41.728236Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:27.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/debug_vm_pgtable.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d2a9510c0e39d06f5544075c13040407bdbf2803",
              "status": "affected",
              "version": "27af67f35631ac4b61b5e4455b44c9aee8d2cc4b",
              "versionType": "git"
            },
            {
              "lessThan": "eeeddf85fc58d48c58ad916e4ca12363ebd8ab21",
              "status": "affected",
              "version": "27af67f35631ac4b61b5e4455b44c9aee8d2cc4b",
              "versionType": "git"
            },
            {
              "lessThan": "720da1e593b85a550593b415bf1d79a053133451",
              "status": "affected",
              "version": "27af67f35631ac4b61b5e4455b44c9aee8d2cc4b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/debug_vm_pgtable.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/debug_vm_pgtable: fix BUG_ON with pud advanced test\n\nArchitectures like powerpc add debug checks to ensure we find only devmap\nPUD pte entries.  These debug checks are only done with CONFIG_DEBUG_VM. \nThis patch marks the ptes used for PUD advanced test devmap pte entries so\nthat we don\u0027t hit on debug checks on architecture like ppc64 as below.\n\nWARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138\n....\nNIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138\nLR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60\nCall Trace:\n[c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable)\n[c000000004a2f980] [000d34c100000000] 0xd34c100000000\n[c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334\n[c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\n[c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388\n\nAlso\n\n kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202!\n ....\n\n NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174\n LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\n Call Trace:\n [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable)\n [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\n [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\n [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:48:40.261Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d2a9510c0e39d06f5544075c13040407bdbf2803"
        },
        {
          "url": "https://git.kernel.org/stable/c/eeeddf85fc58d48c58ad916e4ca12363ebd8ab21"
        },
        {
          "url": "https://git.kernel.org/stable/c/720da1e593b85a550593b415bf1d79a053133451"
        }
      ],
      "title": "mm/debug_vm_pgtable: fix BUG_ON with pud advanced test",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26850",
    "datePublished": "2024-04-17T10:14:20.812Z",
    "dateReserved": "2024-02-19T14:20:24.183Z",
    "dateUpdated": "2024-12-19T08:48:40.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26850\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T11:15:08.427\",\"lastModified\":\"2024-11-21T09:03:12.580\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/debug_vm_pgtable: fix BUG_ON with pud advanced test\\n\\nArchitectures like powerpc add debug checks to ensure we find only devmap\\nPUD pte entries.  These debug checks are only done with CONFIG_DEBUG_VM. \\nThis patch marks the ptes used for PUD advanced test devmap pte entries so\\nthat we don\u0027t hit on debug checks on architecture like ppc64 as below.\\n\\nWARNING: CPU: 2 PID: 1 at arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138\\n....\\nNIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138\\nLR [c0000000000a77a8] radix__pudp_huge_get_and_clear+0x28/0x60\\nCall Trace:\\n[c000000004a2f950] [c000000004a2f9a0] 0xc000000004a2f9a0 (unreliable)\\n[c000000004a2f980] [000d34c100000000] 0xd34c100000000\\n[c000000004a2f9a0] [c00000000206ba98] pud_advanced_tests+0x118/0x334\\n[c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\\n[c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388\\n\\nAlso\\n\\n kernel BUG at arch/powerpc/mm/book3s64/pgtable.c:202!\\n ....\\n\\n NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174\\n LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\\n Call Trace:\\n [c000000004a2f950] [000d34c100000000] 0xd34c100000000 (unreliable)\\n [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334\\n [c000000004a2fa40] [c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48\\n [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/debug_vm_pgtable: corrige BUG_ON con la prueba avanzada de pud. Las arquitecturas como powerpc agregan comprobaciones de depuraci\u00f3n para garantizar que solo encontremos entradas devmap PUD pte. Estas comprobaciones de depuraci\u00f3n s\u00f3lo se realizan con CONFIG_DEBUG_VM. Este parche marca los ptes utilizados para las entradas de pte devmap de prueba avanzada de PUD para que no realicemos comprobaciones de depuraci\u00f3n en arquitectura como ppc64 como se muestra a continuaci\u00f3n. ADVERTENCIA: CPU: 2 PID: 1 en arch/powerpc/mm/book3s64/radix_pgtable.c:1382 radix__pud_hugepage_update+0x38/0x138 .... NIP [c0000000000a7004] radix__pud_hugepage_update+0x38/0x138 LR [c0000000000a7 7a8] radix__pudp_huge_get_and_clear+0x28/0x60 Llamada Trace: [C00000000004A2F950] [C000000004A2F9A0] 0xC00000000004A2F9A0 (poco confiable) [C00000000004A2F980] [000D34C10000000000] 0XD34C100000000 [C0000004A2F9A0] 118/0x334 [C000000004A2FA40] [C000000002206DB34] DEBUG_VM_PGTABLE+0XCBC/0X1C48 [C000000004A2FC10] [C00000000000FD28] Do_Onitcall+0x60 /0x388 \u00a1Tambi\u00e9n ERROR del kernel en arch/powerpc/mm/book3s64/pgtable.c:202! .... NIP [c000000000096510] pudp_huge_get_and_clear_full+0x98/0x174 LR [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 Seguimiento de llamadas: [c000000004a2f950] 000] 0xd34c100000000 (no confiable) [c000000004a2f9a0] [c00000000206bb34] pud_advanced_tests+0x1b4/0x334 [c000000004a2fa40] [ c00000000206db34] debug_vm_pgtable+0xcbc/0x1c48 [c000000004a2fc10] [c00000000000fd28] do_one_initcall+0x60/0x388\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/720da1e593b85a550593b415bf1d79a053133451\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d2a9510c0e39d06f5544075c13040407bdbf2803\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eeeddf85fc58d48c58ad916e4ca12363ebd8ab21\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/720da1e593b85a550593b415bf1d79a053133451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d2a9510c0e39d06f5544075c13040407bdbf2803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/eeeddf85fc58d48c58ad916e4ca12363ebd8ab21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.