Lucene search

K
cvelistLinuxCVELIST:CVE-2024-35846
HistoryMay 17, 2024 - 2:47 p.m.

CVE-2024-35846 mm: zswap: fix shrinker NULL crash with cgroup_disable=memory

2024-05-1714:47:25
Linux
www.cve.org
linux kernel
zswap
fix
shrinker
null crash
cgroup_disable=memory
vulnerability
christian
bisected
libguestfs
red hat bugzilla
memcg
null deref
bug tracker
crash
memcg-disabled
reproducibility
issue
github
bugzilla

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved:

mm: zswap: fix shrinker NULL crash with cgroup_disable=memory

Christian reports a NULL deref in zswap that he bisected down to the zswap
shrinker. The issue also cropped up in the bug trackers of libguestfs [1]
and the Red Hat bugzilla [2].

The problem is that when memcg is disabled with the boot time flag, the
zswap shrinker might get called with sc->memcg == NULL. This is okay in
many places, like the lruvec operations. But it crashes in
memcg_page_state() - which is only used due to the non-node accounting of
cgroup’s the zswap memory to begin with.

Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I
was then able to reproduce the crash locally as well.

[1] https://github.com/libguestfs/libguestfs/issues/139
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "mm/zswap.c"
    ],
    "versions": [
      {
        "version": "b5ba474f3f51",
        "lessThan": "b0fdabc908a7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b5ba474f3f51",
        "lessThan": "682886ec69d2",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "mm/zswap.c"
    ],
    "versions": [
      {
        "version": "6.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.9",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-35846