CVE-2024-36892— Linux kernel 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-36892 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
mm/slub: avoid zeroing outside-object freepointer for single free
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object freeing separately") splits single and bulk object freeing in two functions slab_free() and slab_free_bulk() which leads slab_free() to call slab_free_hook() directly instead of slab_free_freelist_hook(). If `init_on_free` is set, slab_free_hook() zeroes the object. Afterward, if `slub_debug=F` and `CONFIG_SLAB_FREELIST_HARDENED` are set, the do_slab_free() slowpath executes freelist consistency checks and try to decode a zeroed freepointer which leads to a "Freepointer corrupt" detection in check_object(). During bulk free, slab_free_freelist_hook() isn't affected as it always sets it objects freepointer using set_freepointer() to maintain its reconstructed freelist after `init_on_free`. For single free, object's freepointer thus needs to be avoided when stored outside the object if `init_on_free` is set. The freepointer left as is, check_object() may later detect an invalid pointer value due to objects overflow. To reproduce, set `slub_debug=FU init_on_free=1 log_level=7` on the command line of a kernel build with `CONFIG_SLAB_FREELIST_HARDENED=y`. dmesg sample log: [ 10.708715] ============================================================================= [ 10.710323] BUG kmalloc-rnd-05-32 (Tainted: G B T ): Freepointer corrupt [ 10.712695] ----------------------------------------------------------------------------- [ 10.712695] [ 10.712695] Slab 0xffffd8bdc400d580 objects=32 used=4 fp=0xffff9d9a80356f80 flags=0x200000000000a00(workingset|slab|node=0|zone=2) [ 10.716698] Object 0xffff9d9a80356600 @offset=1536 fp=0x7ee4f480ce0ecd7c [ 10.716698] [ 10.716698] Bytes b4 ffff9d9a803565f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.720703] Object ffff9d9a80356600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.720703] Object ffff9d9a80356610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.724696] Padding ffff9d9a8035666c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.724696] Padding ffff9d9a8035667c: 00 00 00 00 .... [ 10.724696] FIX kmalloc-rnd-05-32: Object at 0xffff9d9a80356600 not freed
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于对象溢出,导致无效指针值。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-36892 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-36892 的情报信息
请登录查看更多情报信息。
同批安全公告 · Linux · 2024-05-30 · 共 93 条
| CVE-2024-36927 | Linux kernel 安全漏洞 | |
| CVE-2024-36922 | Linux kernel 安全漏洞 | |
| CVE-2024-36920 | Linux kernel 安全漏洞 | |
| CVE-2024-36916 | Linux kernel 安全漏洞 | |
| CVE-2024-36917 | Linux kernel 安全漏洞 | |
| CVE-2024-36914 | Linux kernel 安全漏洞 | |
| CVE-2024-36915 | Linux kernel 安全漏洞 | |
| CVE-2024-36913 | Linux kernel 安全漏洞 | |
| CVE-2024-36919 | Linux kernel 安全漏洞 | |
| CVE-2024-36925 | Linux kernel 安全漏洞 | |
| CVE-2024-36924 | Linux kernel 安全漏洞 | |
| CVE-2024-36926 | Linux kernel 安全漏洞 | |
| CVE-2024-36928 | Linux kernel 安全漏洞 | |
| CVE-2024-36929 | Linux kernel 安全漏洞 | |
| CVE-2024-36930 | Linux kernel 安全漏洞 | |
| CVE-2024-36932 | Linux kernel 安全漏洞 | |
| CVE-2024-36931 | Linux kernel 安全漏洞 | |
| CVE-2024-36933 | Linux kernel 安全漏洞 | |
| CVE-2024-36934 | Linux kernel 安全漏洞 | |
| CVE-2024-36935 | Linux kernel 安全漏洞 |
显示前 20 条,共 93 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-36892
暂无评论