In the Linux kernel, the following vulnerability has been resolved:
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
Read from an unsafe address with copy_from_kernel_nofault() in
arch_adjust_kprobe_addr() because this function is used before checking the
address is in text or not. Syzcaller bot found a bug and reported the case
if user specifies inaccessible data area, arch_adjust_kprobe_addr() will
cause a kernel panic. [ mingo: Clarified the comment. ]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1008.9 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1004.7 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1006.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < 6.8.0-35.35.1 | UNKNOWN |
git.kernel.org/linus/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b (6.9-rc1)
git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861
git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b
git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6
git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483
git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3
launchpad.net/bugs/cve/CVE-2024-26946
nvd.nist.gov/vuln/detail/CVE-2024-26946
security-tracker.debian.org/tracker/CVE-2024-26946
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6878-1
www.cve.org/CVERecord?id=CVE-2024-26946