CVE-2024-42096— x86: stop playing stack games in profile_pc()
Affected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 65ebdde16e7f5da99dbf8a548fb635837d78384e | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 27c3be840911b15a3f24ed623f86153c825b6b29 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 49c09ca35a5f521d7fa18caf62fdf378f15e8aa4 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 2d07fea561d64357fb7b3f3751e653bf20306d77 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 161cef818545ecf980f0e2ebaf8ba7326ce53c2b | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 16222beb9f8e5ceb0beeb5cbe54bef16df501a92 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68 | affected | ||
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2< 093d9603b60093a9aaae942db56107f6432a5dca | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-42096
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
x86: stop playing stack games in profile_pc()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity or the KASAN warnings when no serious profiling is done using timers anyway these days. And the code really does depend on stack layout that is only true in the simplest of cases. We've lost the comment at some point (I think when the 32-bit and 64-bit code was unified), but it used to say: Assume the lock function has either no stack frame or a copy of eflags from PUSHF. which explains why it just blindly loads a word or two straight off the stack pointer and then takes a minimal look at the values to just check if they might be eflags or the return pc: Eflags always has bits 22 and up cleared unlike kernel addresses but that basic stack layout assumption assumes that there isn't any lock debugging etc going on that would complicate the code and cause a stack frame. It causes KASAN unhappiness reported for years by syzkaller [1] and others [2]. With no real practical reason for this any more, just remove the code. Just for historical interest, here's some background commits relating to this code from 2006: 0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels") 31679f38d886 ("Simplify profile_pc on x86-64") and a code unification from 2009: ef4512882dbe ("x86: time_32/64.c unify profile_pc") but the basics of this thing actually goes back to before the git tree.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞,该漏洞源于在profile_pc函数基于栈布局做出假设,这些假设在现代配置中可能不成立,导致KASAN警告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-42096
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-42096
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-07-29 · 121 CVEs total
| CVE-2024-41088 | can: mcp251xfd: fix infinite loop when xmit fails | |
| CVE-2024-42067 | bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() | |
| CVE-2024-42066 | drm/xe: Fix potential integer overflow in page size calculation | |
| CVE-2024-42065 | drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init | |
| CVE-2024-42063 | bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode | |
| CVE-2024-42064 | drm/amd/display: Skip pipe if the pipe idx not set properly | |
| CVE-2023-52887 | net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_s | |
| CVE-2024-41098 | ata: libata-core: Fix null pointer dereference on error | |
| CVE-2024-41097 | usb: atm: cxacru: fix endpoint checking in cxacru_bind() | |
| CVE-2024-41096 | PCI/MSI: Fix UAF in msi_capability_init | |
| CVE-2024-41095 | drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes | |
| CVE-2024-41094 | drm/fbdev-dma: Only set smem_start is enable per module option | |
| CVE-2024-41093 | drm/amdgpu: avoid using null object of framebuffer | |
| CVE-2024-41092 | drm/i915/gt: Fix potential UAF by revoke of fence registers | |
| CVE-2024-41089 | drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes | |
| CVE-2024-41077 | null_blk: fix validation of block size | |
| CVE-2024-41080 | io_uring: fix possible deadlock in io_register_iowq_max_workers() | |
| CVE-2024-41079 | nvmet: always initialize cqe.result | |
| CVE-2024-41078 | btrfs: qgroup: fix quota root leak after quota disable failure | |
| CVE-2024-41075 | cachefiles: add consistency check for copen/cread |
Showing top 20 of 121 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2024-42096
No comments yet