cve/published/2024/CVE-2024-38577.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-38577: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

 There is a possibility of buffer overflow in
 show_rcu_tasks_trace_gp_kthread() if counters, passed
 to sprintf() are huge. Counter numbers, needed for this
 are unrealistically high, but buffer overflow is still
 possible.

 Use snprintf() with buffer size instead of sprintf().

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 The Linux kernel CVE team has assigned CVE-2024-38577 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 5.10.226 with commit 17c43211d45f13d1badea3942b76bf16bcc49281
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 5.15.167 with commit af7b560c88fb420099e29890aa682b8a3efc8784
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.1.93 with commit 08186d0c5fb64a1cc4b43e009314ee6b173ed222
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.6.33 with commit 32d988f48ed287e676a29a15ac30701c35849aec
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.8.12 with commit 6593d857ce5b5b802fb73d8091ac9c84b92c1697
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.9.3 with commit 1a240e138071b25944ded0f5b3e357aa99fabcb7
 	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.10 with commit cc5645fddb0ce28492b15520306d092730dffa48

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-38577
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/rcu/tasks.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281
 	https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784
 	https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222
 	https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec
 	https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697
 	https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7
 	https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d092730dffa48
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-38577: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

	There is a possibility of buffer overflow in
	show_rcu_tasks_trace_gp_kthread() if counters, passed
	to sprintf() are huge. Counter numbers, needed for this
	are unrealistically high, but buffer overflow is still
	possible.

	Use snprintf() with buffer size instead of sprintf().

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	The Linux kernel CVE team has assigned CVE-2024-38577 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 5.10.226 with commit 17c43211d45f13d1badea3942b76bf16bcc49281
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 5.15.167 with commit af7b560c88fb420099e29890aa682b8a3efc8784
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.1.93 with commit 08186d0c5fb64a1cc4b43e009314ee6b173ed222
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.6.33 with commit 32d988f48ed287e676a29a15ac30701c35849aec
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.8.12 with commit 6593d857ce5b5b802fb73d8091ac9c84b92c1697
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.9.3 with commit 1a240e138071b25944ded0f5b3e357aa99fabcb7
	Issue introduced in 5.8 with commit edf3775f0ad66879796f594983163f672c4bf1a2 and fixed in 6.10 with commit cc5645fddb0ce28492b15520306d092730dffa48

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-38577
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/rcu/tasks.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281
	https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784
	https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222
	https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec
	https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697
	https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7
	https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d092730dffa48