CVE-2024-56560

In the Linux kernel, the following vulnerability has been resolved: slab: Fix too strict alignment check in create_cache() On m68k, where the minimum alignment of unsigned long is 2 bytes: Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22 CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783 Stack from 0102fe5c: 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88 Call Trace: [<00425e78>] dump_stack+0xc/0x10 [<0041eb74>] panic+0xd8/0x26c [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8 [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8 [<0041e5f0>] memset+0x0/0x8c [<005f67c0>] io_uring_init+0x54/0xd2 The minimal alignment of an integral type may differ from its size, hence is not safe to assume that an arbitrary freeptr_t (which is basically an unsigned long) is always aligned to 4 or 8 bytes. As nothing seems to require the additional alignment, it is safe to fix this by relaxing the check to the actual minimum alignment of freeptr_t.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16	Patch
https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

07 Oct 2025, 18:15

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CWE		NVD-CWE-noinfo
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: slab: Se corrige una comprobación de alineación demasiado estricta en create_cache() En m68k, donde la alineación mínima de unsigned long es de 2 bytes: Pánico del kernel: no se sincroniza: __kmem_cache_create_args: No se pudo crear slab 'io_kiocb'. Error -22 CPU: 0 UID: 0 PID: 1 Comm: swapper No contaminado 6.12.0-atari-03776-g7eaa1f99261a #1783 Pila de 0102fe5c: 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88 Seguimiento de llamadas: [<00425e78>] dump_stack+0xc/0x10 [<0041eb74>] panic+0xd8/0x26c [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8 [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8 [<0041e5f0>] memset+0x0/0x8c [<005f67c0>] io_uring_init+0x54/0xd2 La alineación mínima de un tipo integral puede diferir de su tamaño, por lo tanto, no es seguro asumir que un freeptr_t arbitrario (que es básicamente un unsigned long) siempre está alineado a 4 u 8 bytes. Como nada parece requerir una alineación adicional, es seguro solucionar esto relajando la verificación a la alineación mínima real de freeptr_t.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16 -~~	() https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16 - Patch
References	~~() https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d -~~	() https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d - Patch

27 Dec 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-27 15:15

Updated : 2025-10-07 18:15

NVD link : CVE-2024-56560

Mitre link : CVE-2024-56560

CVE.ORG link : CVE-2024-56560

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10