cve/published/2024/CVE-2024-49936.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net/xen-netback: prevent UAF in xenvif_flush_hash()

 During the list_for_each_entry_rcu iteration call of xenvif_flush_hash,
 kfree_rcu does not exist inside the rcu read critical section, so if
 kfree_rcu is called when the rcu grace period ends during the iteration,
 UAF occurs when accessing head->next after the entry becomes free.

 Therefore, to solve this, you need to change it to list_for_each_entry_safe.

 The Linux kernel CVE team has assigned CVE-2024-49936 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.4.290 with commit 3c4423b0c4b98213b3438e15061e1d08220e6982
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.10.227 with commit a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.15.168 with commit a0465723b8581cad27164c9073fd780904cd22d4
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.1.113 with commit efcff6ce7467f01f0753609f420333f3f2ceceda
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.6.55 with commit 143edf098b80669d05245b2f2367dd156a83a2c5
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.10.14 with commit d408889d4b54f5501e4becc4dbbb9065143fbf4e
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.11.3 with commit 54d8639af5568fc41c0e274fc3ec9cf86c59fcbb
 	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.12 with commit 0fa5e94a1811d68fbffa0725efe6d4ca62c03d12

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-49936
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/xen-netback/hash.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3c4423b0c4b98213b3438e15061e1d08220e6982
 	https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c
 	https://git.kernel.org/stable/c/a0465723b8581cad27164c9073fd780904cd22d4
 	https://git.kernel.org/stable/c/efcff6ce7467f01f0753609f420333f3f2ceceda
 	https://git.kernel.org/stable/c/143edf098b80669d05245b2f2367dd156a83a2c5
 	https://git.kernel.org/stable/c/d408889d4b54f5501e4becc4dbbb9065143fbf4e
 	https://git.kernel.org/stable/c/54d8639af5568fc41c0e274fc3ec9cf86c59fcbb
 	https://git.kernel.org/stable/c/0fa5e94a1811d68fbffa0725efe6d4ca62c03d12
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net/xen-netback: prevent UAF in xenvif_flush_hash()

	During the list_for_each_entry_rcu iteration call of xenvif_flush_hash,
	kfree_rcu does not exist inside the rcu read critical section, so if
	kfree_rcu is called when the rcu grace period ends during the iteration,
	UAF occurs when accessing head->next after the entry becomes free.

	Therefore, to solve this, you need to change it to list_for_each_entry_safe.

	The Linux kernel CVE team has assigned CVE-2024-49936 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.4.290 with commit 3c4423b0c4b98213b3438e15061e1d08220e6982
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.10.227 with commit a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 5.15.168 with commit a0465723b8581cad27164c9073fd780904cd22d4
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.1.113 with commit efcff6ce7467f01f0753609f420333f3f2ceceda
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.6.55 with commit 143edf098b80669d05245b2f2367dd156a83a2c5
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.10.14 with commit d408889d4b54f5501e4becc4dbbb9065143fbf4e
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.11.3 with commit 54d8639af5568fc41c0e274fc3ec9cf86c59fcbb
	Issue introduced in 4.11 with commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398 and fixed in 6.12 with commit 0fa5e94a1811d68fbffa0725efe6d4ca62c03d12

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49936
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/xen-netback/hash.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3c4423b0c4b98213b3438e15061e1d08220e6982
	https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c
	https://git.kernel.org/stable/c/a0465723b8581cad27164c9073fd780904cd22d4
	https://git.kernel.org/stable/c/efcff6ce7467f01f0753609f420333f3f2ceceda
	https://git.kernel.org/stable/c/143edf098b80669d05245b2f2367dd156a83a2c5
	https://git.kernel.org/stable/c/d408889d4b54f5501e4becc4dbbb9065143fbf4e
	https://git.kernel.org/stable/c/54d8639af5568fc41c0e274fc3ec9cf86c59fcbb
	https://git.kernel.org/stable/c/0fa5e94a1811d68fbffa0725efe6d4ca62c03d12