Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-26902— perf: RISCV: Fix panic on pmu overflow handler

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-26902

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
perf: RISCV: Fix panic on pmu overflow handler
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042. [ 273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 273.320851] Oops [#1] [ 273.323179] Modules linked in: [ 273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9 [ 273.332521] Hardware name: Sophgo Mango (DT) [ 273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.342291] ra : pmu_sbi_ovf_handler+0x2e0/0x34e [ 273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0 [ 273.354454] gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978 [ 273.361815] t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70 [ 273.369180] s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000 [ 273.376540] a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015 [ 273.383901] a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a [ 273.391327] s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0 [ 273.398773] s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210 [ 273.406139] s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098 [ 273.413660] s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca [ 273.421022] t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8 [ 273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d [ 273.434512] [<ffffffff80aecd98>] riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.441169] [<ffffffff80076bd8>] handle_percpu_devid_irq+0x98/0x1ee [ 273.447562] [<ffffffff80071158>] generic_handle_domain_irq+0x28/0x36 [ 273.454151] [<ffffffff8047a99a>] riscv_intc_irq+0x36/0x4e [ 273.459659] [<ffffffff80c944de>] handle_riscv_irq+0x4a/0x74 [ 273.465442] [<ffffffff80c94c48>] do_irq+0x62/0x92 [ 273.470360] Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783 [ 273.477921] ---[ end trace 0000000000000000 ]--- [ 273.482630] Kernel panic - not syncing: Fatal exception in interrupt
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98 ~ 3ede8e94de6b834b48b0643385e66363e7a04be9 -
LinuxLinux 5.18 -

II. Public POCs for CVE-2024-26902

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-26902

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-04-17 · 100 CVEs total

CVE-2024-26883bpf: Fix stackmap overflow check on 32-bit arches
CVE-2024-26877crypto: xilinx - call finalize with bh disabled
CVE-2024-26873scsi: hisi_sas: Fix a deadlock issue related to automatic dump
CVE-2024-26872RDMA/srpt: Do not register event handler until srpt device is fully setup
CVE-2024-26871f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
CVE-2024-26870NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
CVE-2024-26869f2fs: fix to truncate meta inode pages forcely
CVE-2024-26874drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
CVE-2024-26881net: hns3: fix kernel crash when 1588 is received on HIP08 devices
CVE-2024-26882net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
CVE-2024-26880dm: call the resume method on internal suspend
CVE-2024-26884bpf: Fix hashtab overflow check on 32-bit arches
CVE-2024-26885bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
CVE-2024-26886Bluetooth: af_bluetooth: Fix deadlock
CVE-2024-26887Bluetooth: btusb: Fix memory leak
CVE-2024-26888Bluetooth: msft: Fix memory leak
CVE-2024-26889Bluetooth: hci_core: Fix possible buffer overflow
CVE-2024-26890Bluetooth: btrtl: fix out of bounds memory access
CVE-2024-26891iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
CVE-2024-26892wifi: mt76: mt7921e: fix use-after-free in free_irq()

Showing top 20 of 100 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-26902

No comments yet

Leave a comment