Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2024-53128— sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers

EPSS 0.02% · P6

Affected Version Matrix 12

VendorProductVersion RangeStatus
LinuxLinuxcae9dc35ed9ff82a99754e51d57ff6c332e1f7e4< 82e813b12b10ff705f3f5d600d8492fc5248618baffected
cae9dc35ed9ff82a99754e51d57ff6c332e1f7e4< 397383db9c69470642ac95beb04f2150928d663baffected
cae9dc35ed9ff82a99754e51d57ff6c332e1f7e4< 2d2b19ed4169c38dc6c61a186c5f7bdafc709691affected
cae9dc35ed9ff82a99754e51d57ff6c332e1f7e4< fbfe23012cec509dfbe09852019c4e4bb84999d0affected
cae9dc35ed9ff82a99754e51d57ff6c332e1f7e4< fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58affected
5.9affected
< 5.9unaffected
5.15.181≤ 5.15.*unaffected
… +4 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-53128

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the warning: ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4 Hardware name: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800 x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4 x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050 Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于sched/task_stack模块中KASAN标记指针的对象_is_on_stack函数可能产生不正确的结果,导致错误的堆栈对象检测和警告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux cae9dc35ed9ff82a99754e51d57ff6c332e1f7e4 ~ 82e813b12b10ff705f3f5d600d8492fc5248618b -
LinuxLinux 5.9 -

II. Public POCs for CVE-2024-53128

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-53128

登录查看更多情报信息。
Patch · 1

Same Patch Batch · Linux · 2024-12-04 · 16 CVEs total

CVE-2024-53125bpf: sync_linked_regs() must preserve subreg_def
CVE-2024-53126vdpa: solidrun: Fix UB bug with devres
CVE-2024-53127Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
CVE-2024-53129drm/rockchip: vop: Fix a dereferenced before check warning
CVE-2024-53130nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
CVE-2024-53131nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
CVE-2024-53132drm/xe/oa: Fix "Missing outer runtime PM protection" warning
CVE-2024-53133drm/amd/display: Handle dml allocation failure to avoid crash
CVE-2024-53134pmdomain: imx93-blk-ctrl: correct remove path
CVE-2024-53135KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
CVE-2024-53136mm: revert "mm: shmem: fix data-race in shmem_getattr()"
CVE-2024-53138net/mlx5e: kTLS, Fix incorrect page refcounting
CVE-2024-53137ARM: fix cacheflush with PAN
CVE-2024-53139sctp: fix possible UAF in sctp_v6_available()
CVE-2024-53140netlink: terminate outstanding dump on socket close

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-53128

No comments yet

Leave a comment