ghsa-6j6x-q3pw-5hr9
Vulnerability from github
Published
2024-04-17 12:32
Modified
2024-04-17 12:32
Details

In the Linux kernel, the following vulnerability has been resolved:

block: Fix WARNING in _copy_from_iter

Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzcaller managed to generate a request with a transfer direction of SG_DXFER_TO_FROM_DEV. This instructs the kernel to copy user buffers into the kernel, read into the copied buffers and then copy the data back to user space.

Thus the iovec is used in both directions.

Detect this situation in the block layer and construct a new iterator with the correct direction for the copy-in.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-26844"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:10Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in.",
  "id": "GHSA-6j6x-q3pw-5hr9",
  "modified": "2024-04-17T12:32:03Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26844"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.