Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / rejected / 2024 / CVE-2024-36907.json
blob: e2c4c40c71b508bd962c6516fd8e9751d25e3280 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: add a missing rpc_stat for TCP TLS\n\nCommit 1548036ef120 (\"nfs: make the rpc_stat per net namespace\") added\nfunctionality to specify rpc_stats function but missed adding it to the\nTCP TLS functionality. As the result, mounting with xprtsec=tls lead to\nthe following kernel oops.\n\n[ 128.984192] Unable to handle kernel NULL pointer dereference at\nvirtual address 000000000000001c\n[ 128.985058] Mem abort info:\n[ 128.985372] ESR = 0x0000000096000004\n[ 128.985709] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 128.986176] SET = 0, FnV = 0\n[ 128.986521] EA = 0, S1PTW = 0\n[ 128.986804] FSC = 0x04: level 0 translation fault\n[ 128.987229] Data abort info:\n[ 128.987597] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 128.988169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 128.988811] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000\n[ 128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000\n[ 128.990736] Internal error: Oops: 0000000096000004 [#1] SMP\n[ 128.991168] Modules linked in: nfs_layout_nfsv41_files\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs\nuinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill\nip_set nf_tables nfnetlink qrtr vsock_loopback\nvmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock\nsunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc\nvideobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c\ne1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64\nnvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm drm_kms_helper drm\nsg fuse\n[ 128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not\ntainted 6.8.0-rc6+ #12\n[ 128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS\nVMW201.00V.21805430.BA64.2305221830 05/22/2023\n[ 128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc]\n[ 128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 128.999384] pc : call_start+0x74/0x138 [sunrpc]\n[ 128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.000244] sp : ffff8000832b3a00\n[ 129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000\n[ 129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008\n[ 129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000\n[ 129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff\n[ 129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88\n[ 129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008\n[ 129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00\n[ 129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3\n[ 129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680\n[ 129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00\n[ 129.005824] Call trace:\n[ 129.005967] call_start+0x74/0x138 [sunrpc]\n[ 129.006233] __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.006506] rpc_execute+0x160/0x1d8 [sunrpc]\n[ 129.006778] rpc_run_task+0x148/0x1f8 [sunrpc]\n[ 129.007204] tls_probe+0x80/0xd0 [sunrpc]\n[ 129.007460] rpc_ping+0x28/0x80 [sunrpc]\n[ 129.007715] rpc_create_xprt+0x134/0x1a0 [sunrpc]\n[ 129.007999] rpc_create+0x128/0x2a0 [sunrpc]\n[ 129.008264] xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc]\n[ 129.008583] process_one_work+0x174/0x3c8\n[ 129.008813] worker_thread+0x2c8/0x3e0\n[ 129.009033] kthread+0x100/0x110\n[ 129.009225] ret_from_fork+0x10/0x20\n[ 129.009432] Code: f0ffffc2 911fe042 aa1403e1 aa1303e0 (b9401c83)"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/sunrpc/xprtsock.c"
],
"versions": [
{
"version": "260333221cf0b2ec946001fb1c0b5a06ca41d14d",
"lessThan": "9b332c72299f2ac284ab3d7c0301969b933e4ca1",
"status": "affected",
"versionType": "git"
},
{
"version": "e9f9ceb3cca1b37ce82595cac46cc30cba0a4812",
"lessThan": "024f7744bd09cb2a47a0a96b9c8ad08109de99cc",
"status": "affected",
"versionType": "git"
},
{
"version": "1548036ef1204df65ca5a16e8b199c858cb80075",
"lessThan": "8e088a20dbe33919695a8082c0b32deb62d23b4a",
"status": "affected",
"versionType": "git"
},
{
"version": "19f51adc778fb84c2eb07eb71800fb0d9f0ff13a",
"status": "affected",
"versionType": "git"
},
{
"version": "afdbc21a92a0cdc497d8879aeff7b284094fae02",
"status": "affected",
"versionType": "git"
},
{
"version": "7ceb89f4016ea6ed3e59b015d4200739d45c790e",
"status": "affected",
"versionType": "git"
},
{
"version": "2b7f2d663a965943e8820b6a40cc2abe2eee7431",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/sunrpc/xprtsock.c"
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.276"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.217"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.159"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.91"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1"
},
{
"url": "https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc"
},
{
"url": "https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a"
}
],
"title": "SUNRPC: add a missing rpc_stat for TCP TLS",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-36907",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}