CVE-2024-55916— Linux kernel 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-55916 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils ... BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x12/0xd0 Call Trace: ... vmbus_recvpacket hv_kvp_onchannelcallback vmbus_on_event tasklet_action_common tasklet_action handle_softirqs irq_exit_rcu sysvec_hyperv_stimer0 </IRQ> <TASK> asm_sysvec_hyperv_stimer0 ... kvp_register_done hvt_op_read vfs_read ksys_read __x64_sys_read This can happen because the KVP/VSS channel callback can be invoked even before the channel is fully opened: 1) as soon as hv_kvp_init() -> hvutil_transport_init() creates /dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and register itself to the driver by writing a message KVP_OP_REGISTER1 to the file (which is handled by kvp_on_msg() ->kvp_handle_handshake()) and reading the file for the driver's response, which is handled by hvt_op_read(), which calls hvt->on_read(), i.e. kvp_register_done(). 2) the problem with kvp_register_done() is that it can cause the channel callback to be called even before the channel is fully opened, and when the channel callback is starting to run, util_probe()-> vmbus_open() may have not initialized the ringbuffer yet, so the callback can hit the panic of NULL pointer dereference. To reproduce the panic consistently, we can add a "ssleep(10)" for KVP in __vmbus_open(), just before the first hv_ringbuffer_init(), and then we unload and reload the driver hv_utils, and run the daemon manually within the 10 seconds. Fix the panic by reordering the steps in util_probe() so the char dev entry used by the KVP or VSS daemon is not created until after vmbus_open() has completed. This reordering prevents the race condition from happening.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于Hyper-V Utility Driver在VMBus通道的ringbuffer未完全初始化前启动,可能导致内核崩溃。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-55916 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-55916 的情报信息
请登录查看更多情报信息。
同批安全公告 · Linux · 2025-01-11 · 共 67 条
| CVE-2024-57793 | Linux kernel 安全漏洞 | |
| CVE-2024-57878 | Linux kernel 安全漏洞 | |
| CVE-2024-57877 | Linux kernel 安全漏洞 | |
| CVE-2024-57876 | Linux kernel 安全漏洞 | |
| CVE-2024-57806 | Linux kernel 安全漏洞 | |
| CVE-2024-57805 | Linux kernel 安全漏洞 | |
| CVE-2024-57804 | Linux kernel 安全漏洞 | |
| CVE-2024-57800 | Linux kernel 安全漏洞 | |
| CVE-2024-57799 | Linux kernel 安全漏洞 | |
| CVE-2024-57798 | Linux kernel 安全漏洞 | |
| CVE-2024-57807 | Linux kernel 安全漏洞 | |
| CVE-2024-57792 | Linux kernel 安全漏洞 | |
| CVE-2024-57791 | Linux kernel 安全漏洞 | |
| CVE-2024-56788 | Linux kernel 安全漏洞 | |
| CVE-2024-56372 | Linux kernel 安全漏洞 | |
| CVE-2024-56369 | Linux kernel 安全漏洞 | |
| CVE-2024-56368 | Linux kernel 安全漏洞 | |
| CVE-2024-55881 | Linux kernel 安全漏洞 | |
| CVE-2024-54193 | Linux kernel 安全漏洞 | |
| CVE-2024-54455 | Linux kernel 安全漏洞 |
显示前 20 条,共 67 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-55916
暂无评论