cve-2024-36019
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-12-19 09:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.
Impacted products
Vendor Product Version
Linux Linux Version: 6.4
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-30T16:11:04.952877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:34.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3af6c5ac72dc5b721058132a0a1d7779e443175e",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "51c4440b9d3fd7c8234e6de9170a487c03506e53",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "00bb549d7d63a21532e76e4a334d7807a54d9f31",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:00:38.523Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
        },
        {
          "url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
        },
        {
          "url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
        }
      ],
      "title": "regmap: maple: Fix cache corruption in regcache_maple_drop()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36019",
    "datePublished": "2024-05-30T14:59:42.840Z",
    "dateReserved": "2024-05-17T13:50:33.157Z",
    "dateUpdated": "2024-12-19T09:00:38.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36019\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T15:15:49.027\",\"lastModified\":\"2024-11-21T09:21:26.973\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nregmap: maple: Fix cache corruption in regcache_maple_drop()\\n\\nWhen keeping the upper end of a cache block entry, the entry[] array\\nmust be indexed by the offset from the base register of the block,\\ni.e. max - mas.index.\\n\\nThe code was indexing entry[] by only the register address, leading\\nto an out-of-bounds access that copied some part of the kernel\\nmemory over the cache contents.\\n\\nThis bug was not detected by the regmap KUnit test because it only\\ntests with a block of registers starting at 0, so mas.index == 0.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regmap: maple: corrige la corrupci\u00f3n de la cach\u00e9 en regcache_maple_drop() Cuando se mantiene el extremo superior de una entrada de bloque de cach\u00e9, la matriz de entrada[] debe indexarse seg\u00fan el desplazamiento del registro base de el bloque, es decir, max - mas.index. El c\u00f3digo indexaba la entrada [] solo por la direcci\u00f3n de registro, lo que generaba un acceso fuera de los l\u00edmites que copiaba parte de la memoria del kernel sobre el contenido de la cach\u00e9. Este error no fue detectado por la prueba regmap KUnit porque solo prueba con un bloque de registros que comienza en 0, por lo que mas.index == 0.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.