目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-50002— Linux kernel 安全漏洞

AI 预测 3.3 利用难度: 困难 EPSS 0.24% · P14

可能的 ATT&CK 技术 1AI

T1200 · Hardware Additions

影响版本矩阵 14

厂商产品版本范围状态
LinuxLinux9183c3f9ed710a8edf1a61e8a96d497258d26e08< ed4c8ce0f307f2ab8778aeb40a8866d171e8f128affected
9183c3f9ed710a8edf1a61e8a96d497258d26e08< b566c7d8a2de403ccc9d8a06195e19bbb386d0e4affected
9183c3f9ed710a8edf1a61e8a96d497258d26e08< c0abbbe8c98c077292221ec7e2baa667c9f0974caffected
9183c3f9ed710a8edf1a61e8a96d497258d26e08< 2b494471797bff3d257e99dc0a7abb0c5ff3b4cdaffected
9183c3f9ed710a8edf1a61e8a96d497258d26e08< 9c48c2b53191bf991361998f5bb97b8f2fc5a89caffected
9183c3f9ed710a8edf1a61e8a96d497258d26e08< 4b30051c4864234ec57290c3d142db7c88f10d8aaffected
5.10affected
< 5.10unaffected
… +6 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-50002 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
static_call: Handle module init failure correctly in static_call_del_module()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. static_call_add_module() invokes __static_call_init(), which allocates a struct static_call_mod to either encapsulate the built-in static call sites of the associated key into it so further modules can be added or to append the module to the module chain. If that allocation fails the function returns with an error code and the module core invokes static_call_del_module() to clean up eventually added static_call_mod entries. This works correctly, when all keys used by the module were converted over to a module chain before the failure. If not then static_call_del_module() causes a #GP as it blindly assumes that key::mods points to a valid struct static_call_mod. The problem is that key::mods is not a individual struct member of struct static_call_key, it's part of a union to save space: union { /* bit 0: 0 = mods, 1 = sites */ unsigned long type; struct static_call_mod *mods; struct static_call_site *sites; }; key::sites is a pointer to the list of built-in usage sites of the static call. The type of the pointer is differentiated by bit 0. A mods pointer has the bit clear, the sites pointer has the bit set. As static_call_del_module() blidly assumes that the pointer is a valid static_call_mod type, it fails to check for this failure case and dereferences the pointer to the list of built-in call sites, which is obviously bogus. Cure it by checking whether the key has a sites or a mods pointer. If it's a sites pointer then the key is not to be touched. As the sites are walked in the same order as in __static_call_init() the site walk can be terminated because all subsequent sites have not been touched by the init code due to the error exit. If it was converted before the allocation fail, then the inner loop which searches for a module match will find nothing. A fail in the second allocation in __static_call_init() is harmless and does not require special treatment. The first allocation succeeded and converted the key to a module chain. That first entry has mod::mod == NULL and mod::next == NULL, so the inner loop of static_call_del_module() will neither find a module match nor a module chain. The next site in the walk was either already converted, but can't match the module, or it will exit the outer loop because it has a static_call_site pointer and not a static_call_mod pointer.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于static_call在模块初始化失败时处理不当可能导致的广义指针错误引用。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 9183c3f9ed710a8edf1a61e8a96d497258d26e08 ~ ed4c8ce0f307f2ab8778aeb40a8866d171e8f128 -
LinuxLinux 5.10 -

二、漏洞 CVE-2024-50002 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-50002 的情报信息

登录查看更多情报信息。

CVE-2024-50002 补丁与修复 (4)

同批安全公告 · Linux · 2024-10-21 · 共 372 条

CVE-2024-50019Linux kernel 安全漏洞
CVE-2024-50030Linux kernel 安全漏洞
CVE-2024-50028Linux kernel 安全漏洞
CVE-2024-50029Linux kernel 安全漏洞
CVE-2024-50027Linux kernel 安全漏洞
CVE-2024-50025Linux kernel 安全漏洞
CVE-2024-50026Linux kernel 安全漏洞
CVE-2024-50023Linux kernel 安全漏洞
CVE-2024-50024Linux kernel 安全漏洞
CVE-2024-50022Linux kernel 安全漏洞
CVE-2024-50021Linux kernel 安全漏洞
CVE-2024-50020Linux kernel 安全漏洞
CVE-2024-50011Linux kernel 安全漏洞
CVE-2024-50006Linux kernel 安全漏洞
CVE-2024-50007Linux kernel 安全漏洞
CVE-2024-50008Linux kernel 安全漏洞
CVE-2024-50009Linux kernel 安全漏洞
CVE-2024-50010Linux kernel 安全漏洞
CVE-2024-50014Linux kernel 安全漏洞
CVE-2024-50017Linux kernel 安全漏洞

显示前 20 条,共 372 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2024-50002

暂无评论


发表评论