CVE-2024-50182— Linux kernel 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-50182の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
secretmem: disable memfd_secret() if arch cannot set direct map
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not present can only be done if the direct map is set up at 4k granularity in the first place (as ARM's break-before-make semantics do not easily allow breaking apart large/gigantic pages). More precisely, on arm64 systems with !can_set_direct_map(), set_direct_map_invalid_noflush() is a no-op, however it returns success (0) instead of an error. This means that memfd_secret will seemingly "work" (e.g. syscall succeeds, you can mmap the fd and fault in pages), but it does not actually achieve its goal of removing its memory from the direct map. Note that with this patch, memfd_secret() will start erroring on systems where can_set_direct_map() returns false (arm64 with CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and CONFIG_KFENCE=n), but that still seems better than the current silent failure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to 'y', most arm64 systems actually have a working memfd_secret() and aren't be affected. From going through the iterations of the original memfd_secret patch series, it seems that disabling the syscall in these scenarios was the intended behavior [1] (preferred over having set_direct_map_invalid_noflush return an error as that would result in SIGBUSes at page-fault time), however the check for it got dropped between v16 [2] and v17 [3], when secretmem moved away from CMA allocations. [1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于无法直接映射时memfd_secret函数调用问题。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2024-50182の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-50182のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-11-08 · 38 CVEs total
| CVE-2024-50203 | bpf, arm64: Fix address emission with tag-based KASAN enabled | |
| CVE-2024-50194 | arm64: probes: Fix uprobes for big-endian kernels | |
| CVE-2024-50195 | posix-clock: Fix missing timespec64 check in pc_clock_settime() | |
| CVE-2024-50196 | pinctrl: ocelot: fix system hang on level based interrupts | |
| CVE-2024-50197 | pinctrl: intel: platform: fix error path in device_for_each_child_node() | |
| CVE-2024-50198 | iio: light: veml6030: fix IIO device retrieval from embedded device | |
| CVE-2024-50199 | mm/swapfile: skip HugeTLB pages for unuse_vma | |
| CVE-2024-50200 | maple_tree: correct tree corruption on spanning store | |
| CVE-2024-50201 | drm/radeon: Fix encoder->possible_clones | |
| CVE-2024-50202 | nilfs2: propagate directory read errors from nilfs_find_entry() | |
| CVE-2024-50193 | x86/entry_32: Clear CPU buffers after register restore in NMI return | |
| CVE-2024-50204 | fs: don't try and remove empty rbtree node | |
| CVE-2024-50205 | ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() | |
| CVE-2024-50206 | net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init | |
| CVE-2024-50207 | ring-buffer: Fix reader locking when changing the sub buffer order | |
| CVE-2024-50209 | RDMA/bnxt_re: Add a check for memory allocation | |
| CVE-2024-50208 | RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages | |
| CVE-2024-50210 | posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() | |
| CVE-2024-50211 | udf: refactor inode_bmap() to handle error | |
| CVE-2024-50184 | virtio_pmem: Check device status before requesting flush |
Showing 20 of 38 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
同じベンダー: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. CVE-2024-50182へのコメント
まだコメントはありません