CVE-2024-53065

{"id": "CVE-2024-53065", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-19T18:15:26.333", "references": [{"url": "https://git.kernel.org/stable/c/1b47f9febf48641d3530ec877f4d0995c58e6b73", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c9201afebea1efc7ea4b8f721ee18a05bb8aca1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create\n\nCommit b035f5a6d852 (\"mm: slab: reduce the kmalloc() minimum alignment\nif DMA bouncing possible\") reduced ARCH_KMALLOC_MINALIGN to 8 on arm64.\nHowever, with KASAN_HW_TAGS enabled, arch_slab_minalign() becomes 16.\nThis causes kmalloc_caches[*][8] to be aliased to kmalloc_caches[*][16],\nresulting in kmem_buckets_create() attempting to create a kmem_cache for\nsize 16 twice. This duplication triggers warnings on boot:\n\n[ 2.325108] ------------[ cut here ]------------\n[ 2.325135] kmem_cache of name 'memdup_user-16' already exists\n[ 2.325783] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0\n[ 2.327957] Modules linked in:\n[ 2.328550] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5mm-unstable-arm64+ #12\n[ 2.328683] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024\n[ 2.328790] pstate: 61000009 (nZCv daif -PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2.328911] pc : __kmem_cache_create_args+0xb8/0x3b0\n[ 2.328930] lr : __kmem_cache_create_args+0xb8/0x3b0\n[ 2.328942] sp : ffff800083d6fc50\n[ 2.328961] x29: ffff800083d6fc50 x28: f2ff0000c1674410 x27: ffff8000820b0598\n[ 2.329061] x26: 000000007fffffff x25: 0000000000000010 x24: 0000000000002000\n[ 2.329101] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388\n[ 2.329118] x20: f2ff0000c1674410 x19: f5ff0000c16364c0 x18: ffff800083d80030\n[ 2.329135] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 2.329152] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120\n[ 2.329169] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000\n[ 2.329194] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 2.329210] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n[ 2.329226] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n[ 2.329291] Call trace:\n[ 2.329407] __kmem_cache_create_args+0xb8/0x3b0\n[ 2.329499] kmem_buckets_create+0xfc/0x320\n[ 2.329526] init_user_buckets+0x34/0x78\n[ 2.329540] do_one_initcall+0x64/0x3c8\n[ 2.329550] kernel_init_freeable+0x26c/0x578\n[ 2.329562] kernel_init+0x3c/0x258\n[ 2.329574] ret_from_fork+0x10/0x20\n[ 2.329698] ---[ end trace 0000000000000000 ]---\n\n[ 2.403704] ------------[ cut here ]------------\n[ 2.404716] kmem_cache of name 'msg_msg-16' already exists\n[ 2.404801] WARNING: CPU: 2 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0\n[ 2.404842] Modules linked in:\n[ 2.404971] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.12.0-rc5mm-unstable-arm64+ #12\n[ 2.405026] Tainted: [W]=WARN\n[ 2.405043] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024\n[ 2.405057] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 2.405079] pc : __kmem_cache_create_args+0xb8/0x3b0\n[ 2.405100] lr : __kmem_cache_create_args+0xb8/0x3b0\n[ 2.405111] sp : ffff800083d6fc50\n[ 2.405115] x29: ffff800083d6fc50 x28: fbff0000c1674410 x27: ffff8000820b0598\n[ 2.405135] x26: 000000000000ffd0 x25: 0000000000000010 x24: 0000000000006000\n[ 2.405153] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388\n[ 2.405169] x20: fbff0000c1674410 x19: fdff0000c163d6c0 x18: ffff800083d80030\n[ 2.405185] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[ 2.405201] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120\n[ 2.405217] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000\n[ 2.405233] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\n[ 2.405248] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n[ 2.405271] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n[ 2.405287] Call trace:\n[ 2\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slab: se corrige la advertencia causada por la creaci\u00f3n duplicada de kmem_cache en kmem_buckets_create. el commit b035f5a6d852 (\"mm: slab: reduce la alineaci\u00f3n m\u00ednima de kmalloc() si es posible el rebote de DMA\") redujo ARCH_KMALLOC_MINALIGN a 8 en arm64. Sin embargo, con KASAN_HW_TAGS habilitado, arch_slab_minalign() se convierte en 16. Esto hace que kmalloc_caches[*][8] se asocie a kmalloc_caches[*][16], lo que hace que kmem_buckets_create() intente crear un kmem_cache para el tama\u00f1o 16 dos veces. Esta duplicaci\u00f3n activa advertencias en el arranque: [ 2.325108] ------------[ cortar aqu\u00ed ]------------ [ 2.325135] kmem_cache con el nombre 'memdup_user-16' ya existe [ 2.325783] ADVERTENCIA: CPU: 0 PID: 1 en mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0 [ 2.327957] M\u00f3dulos vinculados en: [ 2.328550] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 No contaminado 6.12.0-rc5mm-unstable-arm64+ #12 [ 2.328683] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024 [ 2.328790] pstate: 61000009 (nZCv daif -PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2.328911] pc : __kmem_cache_create_args+0xb8/0x3b0 [ 2.328930] lr : __kmem_cache_create_args+0xb8/0x3b0 [ 2.328942] sp : ffff800083d6fc50 [ 2.328961] x29: ffff800083d6fc50 x28: f2ff0000c1674410 x27: ffff8000820b0598 [ 2.329061] x26: 000000007fffffff x25: 0000000000000010 x24: 00000000000002000 [ 2.329101] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388 [ 2.329118] x20: f2ff0000c1674410 x19: f5ff0000c16364c0 x18: ffff800083d80030 [ 2.329135] x17: 000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 2.329152] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120 [ 2.329169] x11: 205b x10: 2d2d2d2d2d2d2d2d x9 : 00000000000000000 [ 2.329194] x8 : 0000000000000000 x7 : 00000000000000000 x6 : 0000000000000000 [ 2.329210] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.329226] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 2.329291] Rastreo de llamadas: [ 2.329407] __kmem_cache_create_args+0xb8/0x3b0 [ 2.329499] kmem_buckets_create+0xfc/0x320 [ 2.329526] init_user_buckets+0x34/0x78 [ 2.329540] do_one_initcall+0x64/0x3c8 [ 2.329550] kernel_init_freeable+0x26c/0x578 [ 2.329562] kernel_init+0x3c/0x258 [ 2.329574] ret_from_fork+0x10/0x20 [ 2.329698] ---[ fin de seguimiento 000000000000000 ]--- [ 2.403704] ------------[ cortar aqu\u00ed ]------------ [ 2.404716] kmem_cache del nombre 'msg_msg-16' ya existe [ 2.404801] ADVERTENCIA: CPU: 2 PID: 1 en mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0 [ 2.404842] M\u00f3dulos vinculados en: [ 2.404971] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Contaminado: GW 6.12.0-rc5mm-unstable-arm64+ #12 [ 2.405026] Contaminado: [W]=WARN [ 2.405043] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024 [ 2.405057] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.405079] pc : __kmem_cache_create_args+0xb8/0x3b0 [ 2.405100] lr : __kmem_cache_create_args+0xb8/0x3b0 [ 2.405111] sp : ffff800083d6fc50 [ 2.405115] x29: ffff800083d6fc50 x28: fbff0000c1674410 x27: ffff8000820b0598 [ 2.405135] x26: 000000000000ffd0 x25: 000000000000010 x24: 0000000000006000 [ 2.405153] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388 [ 2.405169] x20: fbff0000c1674410 x19: fdff0000c163d6c0 x18: ffff800083d80030 [ 2.405185] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 2.405201] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120 [ 2.405217] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000 [ 2.405233] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 2.405248] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.405271] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 2.405287] Rastreo de llamada: [ 2 ---truncado---"}], "lastModified": "2024-11-25T21:04:38.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728427FE-4653-45EF-AA11-DA6A6AF58B8F", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}