Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38661— s390/ap: Fix crash in AP internal function modify_bitmap()

EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-38661

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
s390/ap: Fix crash in AP internal function modify_bitmap()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d Oops: 0038 ilc:3 [#1] PREEMPT SMP Modules linked in: mlx5_ib ... CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8 Hardware name: IBM 3931 A01 704 (LPAR) Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8 Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a 0000014b75e7b600: 18b2 lr %r11,%r2 #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616 >0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13) 0000014b75e7b60c: a7680001 lhi %r6,1 0000014b75e7b610: 187b lr %r7,%r11 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654 0000014b75e7b616: 18e9 lr %r14,%r9 Call Trace: [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8 ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8) [<0000014b75e7b758>] apmask_store+0x68/0x140 [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8 [<0000014b75598524>] vfs_write+0x1b4/0x448 [<0000014b7559894c>] ksys_write+0x74/0x100 [<0000014b7618a440>] __do_syscall+0x268/0x328 [<0000014b761a3558>] system_call+0x70/0x98 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8 Kernel panic - not syncing: Fatal exception: panic_on_oops occured when /sys/bus/ap/a[pq]mask was updated with a relative mask value (like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX. The fix is simple: use unsigned long values for the internal variables. The correct checks are already in place in the function but a simple int for the internal variables was used with the possibility to overflow.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于modify_bitmap函数发生崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 3d8f60d38e249f989a7fca9c2370c31c3d5487e1 ~ 2062e3f1f2374102f8014d7ca286b9aa527bd558 -
LinuxLinux 4.19 -

II. Public POCs for CVE-2024-38661

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-38661

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-06-25 · 24 CVEs total

CVE-2024-39371io_uring: check for non-NULL file pointer in io_file_can_poll()
CVE-2024-39471drm/amdgpu: add error handle to avoid out-of-bounds
CVE-2024-39469nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
CVE-2024-39470eventfs: Fix a possible null pointer dereference in eventfs_find_events()
CVE-2024-39468smb: client: fix deadlock in smb2_find_smb_tcon()
CVE-2024-39467f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
CVE-2024-39466thermal/drivers/qcom/lmh: Check for SCM availability at probe
CVE-2024-39464media: v4l: async: Fix notifier list entry init
CVE-2024-39465media: mgb4: Fix double debugfs remove
CVE-2024-394639p: add missing locking around taking dentry fid list
CVE-2024-39462clk: bcm: dvp: Assign ->num before accessing ->hws
CVE-2024-39461clk: bcm: rpi: Assign ->num before accessing ->hws
CVE-2021-4440x86/xen: Drop USERGS_SYSRET64 paravirt call
CVE-2024-39301net/9p: fix uninit-value in p9_client_rpc()
CVE-2024-39298mm/memory-failure: fix handling of dissolved but not taken off from buddy pages
CVE-2024-39296bonding: fix oops during rmmod
CVE-2024-39293Revert "xsk: Support redirect to any socket bound to the same umem"
CVE-2024-39276ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
CVE-2024-38385genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
CVE-2024-38306btrfs: protect folio::private when attaching extent buffer folios

Showing top 20 of 24 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-38661

No comments yet

Leave a comment