cve/published/2024/CVE-2024-49975.mbox

From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-49975: uprobes: fix kernel info leak via "[uprobes]" vma

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

uprobes: fix kernel info leak via "[uprobes]" vma

xol_add_vma() maps the uninitialized page allocated by __create_xol_area()
into userspace. On some architectures (x86) this memory is readable even
without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ,
although this doesn't really matter, debugger can read this memory anyway.

The Linux kernel CVE team has assigned CVE-2024-49975 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 4.19.323 with commit f31f92107e5a8ecc8902705122c594e979a351fe
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 5.4.285 with commit fe5e9182d3e227476642ae2b312e2356c4d326a3
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 5.10.227 with commit f561b48d633ac2e7d0d667020fc634a96ade33a0
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 5.15.168 with commit 21cb47db1ec9765f91304763a24565ddc22d2492
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 6.1.113 with commit 24141df5a8615790950deedd926a44ddf1dfd6d8
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 6.6.55 with commit 5b981d8335e18aef7908a068529a3287258ff6d8
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 6.10.14 with commit 2aa45f43709ba2082917bd2973d02687075b6eee
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 6.11.3 with commit 9634e8dc964a4adafa7e1535147abd7ec29441a6
	Issue introduced in 3.5 with commit d4b3b6384f98f8692ad0209891ccdbc7e78bbefe and fixed in 6.12 with commit 34820304cc2cd1804ee1f8f3504ec77813d29c8e

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49975
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	kernel/events/uprobes.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe
	https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3
	https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0
	https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492
	https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8
	https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8
	https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee
	https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6
	https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e