cve-2024-44975
Vulnerability from cvelistv5
Published
2024-09-04 19:54
Modified
2024-12-19 09:19
Severity ?
EPSS score ?
Summary
cgroup/cpuset: fix panic caused by partcmd_update
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:26:17.235376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:03.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cpuset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "73d6c6cf8ef6a3c532aa159f5114077746a372d6",
"status": "affected",
"version": "0c7f293efc87a06b51db9aa65256f8cb0a5a0a21",
"versionType": "git"
},
{
"lessThan": "959ab6350add903e352890af53e86663739fcb9a",
"status": "affected",
"version": "0c7f293efc87a06b51db9aa65256f8cb0a5a0a21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cpuset.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset \u003e ../cgroup.subtree_control\necho root \u003e cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 \u003e cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:19:27.392Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6"
},
{
"url": "https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a"
}
],
"title": "cgroup/cpuset: fix panic caused by partcmd_update",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44975",
"datePublished": "2024-09-04T19:54:27.622Z",
"dateReserved": "2024-08-21T05:34:56.669Z",
"dateUpdated": "2024-12-19T09:19:27.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-44975\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-04T20:15:07.160\",\"lastModified\":\"2024-10-03T14:32:31.677\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncgroup/cpuset: fix panic caused by partcmd_update\\n\\nWe find a bug as below:\\nBUG: unable to handle page fault for address: 00000003\\nPGD 0 P4D 0\\nOops: 0000 [#1] PREEMPT SMP NOPTI\\nCPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\\nFS: 00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\\nCall Trace:\\n \u003cTASK\u003e\\n ? show_regs+0x8c/0xa0\\n ? __die_body+0x23/0xa0\\n ? __die+0x3a/0x50\\n ? page_fault_oops+0x1d2/0x5c0\\n ? partition_sched_domains_locked+0x483/0x600\\n ? search_module_extables+0x2a/0xb0\\n ? search_exception_tables+0x67/0x90\\n ? kernelmode_fixup_or_oops+0x144/0x1b0\\n ? __bad_area_nosemaphore+0x211/0x360\\n ? up_read+0x3b/0x50\\n ? bad_area_nosemaphore+0x1a/0x30\\n ? exc_page_fault+0x890/0xd90\\n ? __lock_acquire.constprop.0+0x24f/0x8d0\\n ? __lock_acquire.constprop.0+0x24f/0x8d0\\n ? asm_exc_page_fault+0x26/0x30\\n ? partition_sched_domains_locked+0x483/0x600\\n ? partition_sched_domains_locked+0xf0/0x600\\n rebuild_sched_domains_locked+0x806/0xdc0\\n update_partition_sd_lb+0x118/0x130\\n cpuset_write_resmask+0xffc/0x1420\\n cgroup_file_write+0xb2/0x290\\n kernfs_fop_write_iter+0x194/0x290\\n new_sync_write+0xeb/0x160\\n vfs_write+0x16f/0x1d0\\n ksys_write+0x81/0x180\\n __x64_sys_write+0x21/0x30\\n x64_sys_call+0x2f25/0x4630\\n do_syscall_64+0x44/0xb0\\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\\nRIP: 0033:0x7f44a553c887\\n\\nIt can be reproduced with cammands:\\ncd /sys/fs/cgroup/\\nmkdir test\\ncd test/\\necho +cpuset \u003e ../cgroup.subtree_control\\necho root \u003e cpuset.cpus.partition\\ncat /sys/fs/cgroup/cpuset.cpus.effective\\n0-3\\necho 0-3 \u003e cpuset.cpus // taking away all cpus from root\\n\\nThis issue is caused by the incorrect rebuilding of scheduling domains.\\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\\nand should not trigger the rebuilding of scheduling domains. When calling\\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\\nnull, it should recheck newmask whether there are cpus is available\\nfor parect/cs that has tasks.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cgroup/cpuset: arregla el p\u00e1nico causado por partcmd_update Encontramos un error como el siguiente: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 00000003 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 358 Comm: bash Tainted: GWI 6.6.0-10893-g60d6 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4 RIP: 0010:partition_sched_domains_locked+0x483/0x600 C\u00f3digo: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9 RSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202 RAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000002fe80 RBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000 R10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002 R13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0 Seguimiento de llamadas: ? show_regs+0x8c/0xa0 ? __die_body+0x23/0xa0 ? __die+0x3a/0x50 ? page_fault_oops+0x1d2/0x5c0 ? particion_sched_domains_locked+0x483/0x600 ? search_module_extables+0x2a/0xb0 ? search_exception_tables+0x67/0x90 ? kernelmode_fixup_or_oops+0x144/0x1b0 ? __bad_area_nosemaphore+0x211/0x360 ? up_read+0x3b/0x50 ? sem\u00e1foro de nariz de \u00e1rea defectuosa+0x1a/0x30 ? exc_page_fault+0x890/0xd90 ? __lock_acquire.constprop.0+0x24f/0x8d0 ? __lock_acquire.constprop.0+0x24f/0x8d0 ? asm_exc_page_fault+0x26/0x30 ? dominios programados de partici\u00f3n bloqueados+0x483/0x600 ? partici\u00f3n_sched_dominios_bloqueados+0xf0/0x600 reconstruir_sched_dominios_bloqueados+0x806/0xdc0 actualizar_partici\u00f3n_sd_lb+0x118/0x130 resmask_escritura_cpuset+0xffc/0x1420 escritura_archivo_cgroup+0xb2/0x290 iterador_escritura_fop_kernfs+0x194/0x290 nueva_escritura_sincronizada+0xeb/0x160 escritura_vfs+0x16f/0x1d0 escritura_ksys+0x81/0x180 escritura_sys___x64+0x21/0x30 llamada_sys_x64+0x2f25/0x4630 llamada_sys_64+0x44/0xb0 entry_SYSCALL_64_after_hwframe+0x78/0xe2 RIP: 0033:0x7f44a553c887 Se puede reproducir con los siguientes comandos: cd /sys/fs/cgroup/ mkdir test cd test/ echo +cpuset \u0026gt; ../cgroup.subtree_control echo root \u0026gt; cpuset.cpus.partition cat /sys/fs/cgroup/cpuset.cpus.effective 0-3 echo 0-3 \u0026gt; cpuset.cpus // quitar todas las CPU de la ra\u00edz Este problema se debe a la reconstrucci\u00f3n incorrecta de los dominios de programaci\u00f3n. En este escenario, test/cpuset.cpus.partition deber\u00eda ser una ra\u00edz no v\u00e1lida y no deber\u00eda activar la reconstrucci\u00f3n de los dominios de programaci\u00f3n. Al llamar a update_parent_effective_cpumask con partcmd_update, si newmask no es nulo, debe volver a verificar si newmask tiene CPU disponibles para parect/cs que tiene tareas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.7\",\"matchCriteriaId\":\"D2AFDFD1-D95A-4EB7-843B-5E7659518B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.