gsd-2024-26724
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: [ 2169.711665] ================================================================== [ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0 [ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0 [ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2 [ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 2169.722457] Call Trace: [ 2169.722756] <IRQ> [ 2169.723024] dump_stack_lvl+0x58/0xb0 [ 2169.723417] print_report+0xc5/0x630 [ 2169.723807] ? __virt_addr_valid+0x126/0x2b0 [ 2169.724268] kasan_report+0xbe/0xf0 [ 2169.724667] ? __run_timers.part.0+0x179/0x4c0 [ 2169.725116] ? __run_timers.part.0+0x179/0x4c0 [ 2169.725570] __run_timers.part.0+0x179/0x4c0 [ 2169.726003] ? call_timer_fn+0x320/0x320 [ 2169.726404] ? lock_downgrade+0x3a0/0x3a0 [ 2169.726820] ? kvm_clock_get_cycles+0x14/0x20 [ 2169.727257] ? ktime_get+0x92/0x150 [ 2169.727630] ? lapic_next_deadline+0x35/0x60 [ 2169.728069] run_timer_softirq+0x40/0x80 [ 2169.728475] __do_softirq+0x1a1/0x509 [ 2169.728866] irq_exit_rcu+0x95/0xc0 [ 2169.729241] sysvec_apic_timer_interrupt+0x6b/0x80 [ 2169.729718] </IRQ> [ 2169.729993] <TASK> [ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 2169.730755] RIP: 0010:default_idle+0x13/0x20 [ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 <fa> c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00 [ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242 [ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62 [ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55 [ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14 [ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0 [ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200 [ 2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0 [ 2169.736954] ? do_idle+0x285/0x290 [ 2169.737323] default_idle_call+0x63/0x90 [ 2169.737730] do_idle+0x285/0x290 [ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30 [ 2169.738511] ? mark_held_locks+0x1a/0x80 [ 2169.738917] ? lockdep_hardirqs_on_prepare+0x12e/0x200 [ 2169.739417] cpu_startup_entry+0x30/0x40 [ 2169.739825] start_secondary+0x19a/0x1c0 [ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0 [ 2169.740673] secondary_startup_64_no_verify+0x15d/0x16b [ 2169.741179] </TASK> [ 2169.741686] Allocated by task 1098: [ 2169.742058] kasan_save_stack+0x1c/0x40 [ 2169.742456] kasan_save_track+0x10/0x30 [ 2169.742852] __kasan_kmalloc+0x83/0x90 [ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll] [ 2169.743730] auxiliary_bus_probe+0x62/0xb0 [ 2169.744148] really_probe+0x127/0x590 [ 2169.744534] __driver_probe_device+0xd2/0x200 [ 2169.744973] device_driver_attach+0x6b/0xf0 [ 2169.745402] bind_store+0x90/0xe0 [ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0 [ 2169.746210] vfs_write+0x41f/0x790 [ 2169.746579] ksys_write+0xc7/0x160 [ 2169.746947] do_syscall_64+0x6f/0x140 [ 2169.747333] entry_SYSCALL_64_after_hwframe+0x46/0x4e [ 2169.748049] Freed by task 1220: [ 2169.748393] kasan_save_stack+0x1c/0x40 [ 2169.748789] kasan_save_track+0x10/0x30 [ 2169.749188] kasan_save_free_info+0x3b/0x50 [ 2169.749621] poison_slab_object+0x106/0x180 [ 2169.750044] __kasan_slab_free+0x14/0x50 [ 2169.750451] kfree+0x118/0x330 [ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll] [ 2169.751271] auxiliary_bus_remove+0x2e/0x40 [ 2169.751694] device_release_driver_internal+0x24b/0x2e0 [ 2169.752191] unbind_store+0xa6/0xb0 [ 2169.752563] kernfs_fo ---truncated---
Aliases



{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-26724"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\n\nI managed to hit following use after free warning recently:\n\n[ 2169.711665] ==================================================================\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\n\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2169.722457] Call Trace:\n[ 2169.722756]  \u003cIRQ\u003e\n[ 2169.723024]  dump_stack_lvl+0x58/0xb0\n[ 2169.723417]  print_report+0xc5/0x630\n[ 2169.723807]  ? __virt_addr_valid+0x126/0x2b0\n[ 2169.724268]  kasan_report+0xbe/0xf0\n[ 2169.724667]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725116]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725570]  __run_timers.part.0+0x179/0x4c0\n[ 2169.726003]  ? call_timer_fn+0x320/0x320\n[ 2169.726404]  ? lock_downgrade+0x3a0/0x3a0\n[ 2169.726820]  ? kvm_clock_get_cycles+0x14/0x20\n[ 2169.727257]  ? ktime_get+0x92/0x150\n[ 2169.727630]  ? lapic_next_deadline+0x35/0x60\n[ 2169.728069]  run_timer_softirq+0x40/0x80\n[ 2169.728475]  __do_softirq+0x1a1/0x509\n[ 2169.728866]  irq_exit_rcu+0x95/0xc0\n[ 2169.729241]  sysvec_apic_timer_interrupt+0x6b/0x80\n[ 2169.729718]  \u003c/IRQ\u003e\n[ 2169.729993]  \u003cTASK\u003e\n[ 2169.730259]  asm_sysvec_apic_timer_interrupt+0x16/0x20\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\n[ 2169.736478]  ? ct_kernel_exit.constprop.0+0xa2/0xc0\n[ 2169.736954]  ? do_idle+0x285/0x290\n[ 2169.737323]  default_idle_call+0x63/0x90\n[ 2169.737730]  do_idle+0x285/0x290\n[ 2169.738089]  ? arch_cpu_idle_exit+0x30/0x30\n[ 2169.738511]  ? mark_held_locks+0x1a/0x80\n[ 2169.738917]  ? lockdep_hardirqs_on_prepare+0x12e/0x200\n[ 2169.739417]  cpu_startup_entry+0x30/0x40\n[ 2169.739825]  start_secondary+0x19a/0x1c0\n[ 2169.740229]  ? set_cpu_sibling_map+0xbd0/0xbd0\n[ 2169.740673]  secondary_startup_64_no_verify+0x15d/0x16b\n[ 2169.741179]  \u003c/TASK\u003e\n\n[ 2169.741686] Allocated by task 1098:\n[ 2169.742058]  kasan_save_stack+0x1c/0x40\n[ 2169.742456]  kasan_save_track+0x10/0x30\n[ 2169.742852]  __kasan_kmalloc+0x83/0x90\n[ 2169.743246]  mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\n[ 2169.743730]  auxiliary_bus_probe+0x62/0xb0\n[ 2169.744148]  really_probe+0x127/0x590\n[ 2169.744534]  __driver_probe_device+0xd2/0x200\n[ 2169.744973]  device_driver_attach+0x6b/0xf0\n[ 2169.745402]  bind_store+0x90/0xe0\n[ 2169.745761]  kernfs_fop_write_iter+0x1df/0x2a0\n[ 2169.746210]  vfs_write+0x41f/0x790\n[ 2169.746579]  ksys_write+0xc7/0x160\n[ 2169.746947]  do_syscall_64+0x6f/0x140\n[ 2169.747333]  entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\n[ 2169.748049] Freed by task 1220:\n[ 2169.748393]  kasan_save_stack+0x1c/0x40\n[ 2169.748789]  kasan_save_track+0x10/0x30\n[ 2169.749188]  kasan_save_free_info+0x3b/0x50\n[ 2169.749621]  poison_slab_object+0x106/0x180\n[ 2169.750044]  __kasan_slab_free+0x14/0x50\n[ 2169.750451]  kfree+0x118/0x330\n[ 2169.750792]  mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\n[ 2169.751271]  auxiliary_bus_remove+0x2e/0x40\n[ 2169.751694]  device_release_driver_internal+0x24b/0x2e0\n[ 2169.752191]  unbind_store+0xa6/0xb0\n[ 2169.752563]  kernfs_fo\n---truncated---",
      "id": "GSD-2024-26724",
      "modified": "2024-02-20T06:02:29.138517Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2024-26724",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "496fd0a26bbf",
                          "version_value": "1596126ea502"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "6.7"
                              },
                              {
                                "lessThan": "6.7",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.7.*",
                                "status": "unaffected",
                                "version": "6.7.6",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "6.8",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\n\nI managed to hit following use after free warning recently:\n\n[ 2169.711665] ==================================================================\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\n\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2169.722457] Call Trace:\n[ 2169.722756]  \u003cIRQ\u003e\n[ 2169.723024]  dump_stack_lvl+0x58/0xb0\n[ 2169.723417]  print_report+0xc5/0x630\n[ 2169.723807]  ? __virt_addr_valid+0x126/0x2b0\n[ 2169.724268]  kasan_report+0xbe/0xf0\n[ 2169.724667]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725116]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725570]  __run_timers.part.0+0x179/0x4c0\n[ 2169.726003]  ? call_timer_fn+0x320/0x320\n[ 2169.726404]  ? lock_downgrade+0x3a0/0x3a0\n[ 2169.726820]  ? kvm_clock_get_cycles+0x14/0x20\n[ 2169.727257]  ? ktime_get+0x92/0x150\n[ 2169.727630]  ? lapic_next_deadline+0x35/0x60\n[ 2169.728069]  run_timer_softirq+0x40/0x80\n[ 2169.728475]  __do_softirq+0x1a1/0x509\n[ 2169.728866]  irq_exit_rcu+0x95/0xc0\n[ 2169.729241]  sysvec_apic_timer_interrupt+0x6b/0x80\n[ 2169.729718]  \u003c/IRQ\u003e\n[ 2169.729993]  \u003cTASK\u003e\n[ 2169.730259]  asm_sysvec_apic_timer_interrupt+0x16/0x20\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\n[ 2169.736478]  ? ct_kernel_exit.constprop.0+0xa2/0xc0\n[ 2169.736954]  ? do_idle+0x285/0x290\n[ 2169.737323]  default_idle_call+0x63/0x90\n[ 2169.737730]  do_idle+0x285/0x290\n[ 2169.738089]  ? arch_cpu_idle_exit+0x30/0x30\n[ 2169.738511]  ? mark_held_locks+0x1a/0x80\n[ 2169.738917]  ? lockdep_hardirqs_on_prepare+0x12e/0x200\n[ 2169.739417]  cpu_startup_entry+0x30/0x40\n[ 2169.739825]  start_secondary+0x19a/0x1c0\n[ 2169.740229]  ? set_cpu_sibling_map+0xbd0/0xbd0\n[ 2169.740673]  secondary_startup_64_no_verify+0x15d/0x16b\n[ 2169.741179]  \u003c/TASK\u003e\n\n[ 2169.741686] Allocated by task 1098:\n[ 2169.742058]  kasan_save_stack+0x1c/0x40\n[ 2169.742456]  kasan_save_track+0x10/0x30\n[ 2169.742852]  __kasan_kmalloc+0x83/0x90\n[ 2169.743246]  mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\n[ 2169.743730]  auxiliary_bus_probe+0x62/0xb0\n[ 2169.744148]  really_probe+0x127/0x590\n[ 2169.744534]  __driver_probe_device+0xd2/0x200\n[ 2169.744973]  device_driver_attach+0x6b/0xf0\n[ 2169.745402]  bind_store+0x90/0xe0\n[ 2169.745761]  kernfs_fop_write_iter+0x1df/0x2a0\n[ 2169.746210]  vfs_write+0x41f/0x790\n[ 2169.746579]  ksys_write+0xc7/0x160\n[ 2169.746947]  do_syscall_64+0x6f/0x140\n[ 2169.747333]  entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\n[ 2169.748049] Freed by task 1220:\n[ 2169.748393]  kasan_save_stack+0x1c/0x40\n[ 2169.748789]  kasan_save_track+0x10/0x30\n[ 2169.749188]  kasan_save_free_info+0x3b/0x50\n[ 2169.749621]  poison_slab_object+0x106/0x180\n[ 2169.750044]  __kasan_slab_free+0x14/0x50\n[ 2169.750451]  kfree+0x118/0x330\n[ 2169.750792]  mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\n[ 2169.751271]  auxiliary_bus_remove+0x2e/0x40\n[ 2169.751694]  device_release_driver_internal+0x24b/0x2e0\n[ 2169.752191]  unbind_store+0xa6/0xb0\n[ 2169.752563]  kernfs_fo\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-d3b290d2becc"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56"
          },
          {
            "name": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\n\nI managed to hit following use after free warning recently:\n\n[ 2169.711665] ==================================================================\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\n\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2169.722457] Call Trace:\n[ 2169.722756]  \u003cIRQ\u003e\n[ 2169.723024]  dump_stack_lvl+0x58/0xb0\n[ 2169.723417]  print_report+0xc5/0x630\n[ 2169.723807]  ? __virt_addr_valid+0x126/0x2b0\n[ 2169.724268]  kasan_report+0xbe/0xf0\n[ 2169.724667]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725116]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725570]  __run_timers.part.0+0x179/0x4c0\n[ 2169.726003]  ? call_timer_fn+0x320/0x320\n[ 2169.726404]  ? lock_downgrade+0x3a0/0x3a0\n[ 2169.726820]  ? kvm_clock_get_cycles+0x14/0x20\n[ 2169.727257]  ? ktime_get+0x92/0x150\n[ 2169.727630]  ? lapic_next_deadline+0x35/0x60\n[ 2169.728069]  run_timer_softirq+0x40/0x80\n[ 2169.728475]  __do_softirq+0x1a1/0x509\n[ 2169.728866]  irq_exit_rcu+0x95/0xc0\n[ 2169.729241]  sysvec_apic_timer_interrupt+0x6b/0x80\n[ 2169.729718]  \u003c/IRQ\u003e\n[ 2169.729993]  \u003cTASK\u003e\n[ 2169.730259]  asm_sysvec_apic_timer_interrupt+0x16/0x20\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\n[ 2169.736478]  ? ct_kernel_exit.constprop.0+0xa2/0xc0\n[ 2169.736954]  ? do_idle+0x285/0x290\n[ 2169.737323]  default_idle_call+0x63/0x90\n[ 2169.737730]  do_idle+0x285/0x290\n[ 2169.738089]  ? arch_cpu_idle_exit+0x30/0x30\n[ 2169.738511]  ? mark_held_locks+0x1a/0x80\n[ 2169.738917]  ? lockdep_hardirqs_on_prepare+0x12e/0x200\n[ 2169.739417]  cpu_startup_entry+0x30/0x40\n[ 2169.739825]  start_secondary+0x19a/0x1c0\n[ 2169.740229]  ? set_cpu_sibling_map+0xbd0/0xbd0\n[ 2169.740673]  secondary_startup_64_no_verify+0x15d/0x16b\n[ 2169.741179]  \u003c/TASK\u003e\n\n[ 2169.741686] Allocated by task 1098:\n[ 2169.742058]  kasan_save_stack+0x1c/0x40\n[ 2169.742456]  kasan_save_track+0x10/0x30\n[ 2169.742852]  __kasan_kmalloc+0x83/0x90\n[ 2169.743246]  mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\n[ 2169.743730]  auxiliary_bus_probe+0x62/0xb0\n[ 2169.744148]  really_probe+0x127/0x590\n[ 2169.744534]  __driver_probe_device+0xd2/0x200\n[ 2169.744973]  device_driver_attach+0x6b/0xf0\n[ 2169.745402]  bind_store+0x90/0xe0\n[ 2169.745761]  kernfs_fop_write_iter+0x1df/0x2a0\n[ 2169.746210]  vfs_write+0x41f/0x790\n[ 2169.746579]  ksys_write+0xc7/0x160\n[ 2169.746947]  do_syscall_64+0x6f/0x140\n[ 2169.747333]  entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\n[ 2169.748049] Freed by task 1220:\n[ 2169.748393]  kasan_save_stack+0x1c/0x40\n[ 2169.748789]  kasan_save_track+0x10/0x30\n[ 2169.749188]  kasan_save_free_info+0x3b/0x50\n[ 2169.749621]  poison_slab_object+0x106/0x180\n[ 2169.750044]  __kasan_slab_free+0x14/0x50\n[ 2169.750451]  kfree+0x118/0x330\n[ 2169.750792]  mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\n[ 2169.751271]  auxiliary_bus_remove+0x2e/0x40\n[ 2169.751694]  device_release_driver_internal+0x24b/0x2e0\n[ 2169.752191]  unbind_store+0xa6/0xb0\n[ 2169.752563]  kernfs_fo\n---truncated---"
          }
        ],
        "id": "CVE-2024-26724",
        "lastModified": "2024-04-03T17:24:18.150",
        "metrics": {},
        "published": "2024-04-03T15:15:54.203",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.