{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix uaf for accessing waker_bfqq after splitting\n\nAfter commit 42c306ed7233 (\"block, bfq: don't break merge chain in\nbfq_split_bfqq()\"), if the current process is the last holder of bfqq,\nthe bfqq can be freed after bfq_split_bfqq(). Hence recording the bfqq and\nthen accessing bfqq->waker_bfqq may trigger a use-after-free (UAF). What's\nmore, the waker_bfqq may be in the merge chain of bfqq, hence just recording\nwaker_bfqq is still not safe.\n\nFix the problem by adding a helper bfq_waker_bfqq() to check if\nbfqq->waker_bfqq is in the merge chain, and the current process is the only\nholder."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"block/bfq-iosched.c"
],
"versions": [
{
"version": "e0c20d88b7dce85d2703bb6ba77bf359959675cd",
"lessThan": "63a07379fdb6c72450cb05294461c6016b8b7726",
"status": "affected",
"versionType": "git"
},
{
"version": "de6c5e3a456019d2182e345730e59721714fa0b5",
"lessThan": "de0456460f2abf921e356ed2bd8da87a376680bd",
"status": "affected",
"versionType": "git"
},
{
"version": "19f3bec2ac4be329b9bd12b18a989b867618d2d8",
"lessThan": "0780451f03bf518bc032a7c584de8f92e2d39d7f",
"status": "affected",
"versionType": "git"
},
{
"version": "13b3d0e8cb121f99b11918a0d4bcc1ce4647d352",
"lessThan": "0b8bda0ff17156cd3f60944527c9d8c9f99f1583",
"status": "affected",
"versionType": "git"
},
{
"version": "4780f50ea50cfe8e89fc3747bf3dd155488433bb",
"lessThan": "cae58d19121a70329cf971359e2518c93fec04fe",
"status": "affected",
"versionType": "git"
},
{
"version": "42c306ed723321af4003b2a41bb73728cab54f85",
"lessThan": "1ba0403ac6447f2d63914fb760c44a3b19c44eaf",
"status": "affected",
"versionType": "git"
},
{
"version": "9e813033594b141f61ff0ef0cfaaef292564b041",
"status": "affected",
"versionType": "git"
},
{
"version": "3a5f45a4ad4e1fd36b0a998eef03d76a4f02a2a8",
"status": "affected",
"versionType": "git"
},
{
"version": "3630a18846c7853aa326d3b42fd0a855af7b41bc",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"block/bfq-iosched.c"
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.285"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.227"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726"
},
{
"url": "https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd"
},
{
"url": "https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f"
},
{
"url": "https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583"
},
{
"url": "https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe"
},
{
"url": "https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf"
}
],
"title": "block, bfq: fix uaf for accessing waker_bfqq after splitting",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-49854",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}