目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-45000— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 困难 EPSS 0.22% · P13

影响版本矩阵 10

厂商产品版本范围状态
LinuxLinux12bb21a29c19aae50cfad4e2bb5c943108f34a7d< b8a50877f68efdcc0be3fcc5116e00c31b90e45baffected
12bb21a29c19aae50cfad4e2bb5c943108f34a7d< dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6affected
12bb21a29c19aae50cfad4e2bb5c943108f34a7d< 0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1daffected
12bb21a29c19aae50cfad4e2bb5c943108f34a7d< f71aa06398aabc2e3eaac25acdf3d62e0094ba70affected
5.17affected
< 5.17unaffected
6.1.107≤ 6.1.*unaffected
6.6.48≤ 6.6.*unaffected
… +2 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-45000 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
fs/netfs/fscache_cookie: add missing "n_accesses" check
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_rreq_write_to_cache_work RIP: 0010:cachefiles_prepare_write+0x30/0xa0 Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10 RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286 RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000 RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438 RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001 R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68 R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00 FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x70 ? page_fault_oops+0x15d/0x440 ? search_module_extables+0xe/0x40 ? fixup_exception+0x22/0x2f0 ? exc_page_fault+0x5f/0x100 ? asm_exc_page_fault+0x22/0x30 ? cachefiles_prepare_write+0x30/0xa0 netfs_rreq_write_to_cache_work+0x135/0x2e0 process_one_work+0x137/0x2c0 worker_thread+0x2e9/0x400 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()). The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIE_STATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check. With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于fs/netfs/fscache_cookie组件存在空指针解引用漏洞。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 12bb21a29c19aae50cfad4e2bb5c943108f34a7d ~ b8a50877f68efdcc0be3fcc5116e00c31b90e45b -
LinuxLinux 5.17 -

二、漏洞 CVE-2024-45000 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-45000 的情报信息

登录查看更多情报信息。

CVE-2024-45000 补丁与修复 (3)

同批安全公告 · Linux · 2024-09-04 · 共 58 条

CVE-2024-44989Linux kernel 安全漏洞
CVE-2024-45002Linux kernel 安全漏洞
CVE-2024-45006Linux kernel 安全漏洞
CVE-2024-45004Linux kernel 安全漏洞
CVE-2024-45003Linux kernel 安全漏洞
CVE-2024-45005Linux kernel 安全漏洞
CVE-2024-44993Linux kernel 安全漏洞
CVE-2024-44992Linux kernel 安全漏洞
CVE-2024-44990Linux kernel 安全漏洞
CVE-2024-44991Linux kernel 安全漏洞
CVE-2024-44994Linux kernel 安全漏洞
CVE-2024-44988Linux kernel 安全漏洞
CVE-2024-44987Linux kernel 安全漏洞
CVE-2024-44986Linux kernel 安全漏洞
CVE-2024-44985Linux kernel 安全漏洞
CVE-2024-44983Linux kernel 安全漏洞
CVE-2024-44984Linux kernel 安全漏洞
CVE-2024-44982Linux kernel 安全漏洞
CVE-2024-44981Linux kernel 安全漏洞
CVE-2024-44980Linux kernel 安全漏洞

显示前 20 条,共 58 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2024-45000

暂无评论


发表评论