cve/published/2024/CVE-2024-53172.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ubi: fastmap: Fix duplicate slab cache names while attaching

 Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when
 DEBUG_VM=y"), the duplicate slab cache names can be detected and a
 kernel WARNING is thrown out.
 In UBI fast attaching process, alloc_ai() could be invoked twice
 with the same slab cache name 'ubi_aeb_slab_cache', which will trigger
 following warning messages:
  kmem_cache of name 'ubi_aeb_slab_cache' already exists
  WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107
           __kmem_cache_create_args+0x100/0x5f0
  Modules linked in: ubi(+) nandsim [last unloaded: nandsim]
  CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2
  RIP: 0010:__kmem_cache_create_args+0x100/0x5f0
  Call Trace:
    __kmem_cache_create_args+0x100/0x5f0
    alloc_ai+0x295/0x3f0 [ubi]
    ubi_attach+0x3c3/0xcc0 [ubi]
    ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]
    ubi_init+0x3fb/0x800 [ubi]
    do_init_module+0x265/0x7d0
    __x64_sys_finit_module+0x7a/0xc0

 The problem could be easily reproduced by loading UBI device by fastmap
 with CONFIG_DEBUG_VM=y.
 Fix it by using different slab names for alloc_ai() callers.

 The Linux kernel CVE team has assigned CVE-2024-53172 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 4.19.325 with commit ef52b7191ac41e68b1bf070d00c5b04ed16e4920
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.4.287 with commit 871c148f8e0c32e505df9393ba4a303c3c3fe988
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.10.231 with commit 04c0b0f37617099479c34e207c5550d081f585a6
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.15.174 with commit b1ee0aa4945c49cbbd779da81040fcec4de80fd1
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.1.120 with commit 6afdcb285794e75d2c8995e3a44f523c176cc2de
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.6.64 with commit 612824dd0c9465ef365ace38b056c663d110956d
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.11.11 with commit 3d8558135cd56a2a8052024be4073e160f36658c
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.12.2 with commit 7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
 	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.13 with commit bcddf52b7a17adcebc768d26f4e27cf79adb424c

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-53172
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/mtd/ubi/attach.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920
 	https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988
 	https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6
 	https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1
 	https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de
 	https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d
 	https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c
 	https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
 	https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ubi: fastmap: Fix duplicate slab cache names while attaching

	Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when
	DEBUG_VM=y"), the duplicate slab cache names can be detected and a
	kernel WARNING is thrown out.
	In UBI fast attaching process, alloc_ai() could be invoked twice
	with the same slab cache name 'ubi_aeb_slab_cache', which will trigger
	following warning messages:
	kmem_cache of name 'ubi_aeb_slab_cache' already exists
	WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107
	__kmem_cache_create_args+0x100/0x5f0
	Modules linked in: ubi(+) nandsim [last unloaded: nandsim]
	CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2
	RIP: 0010:__kmem_cache_create_args+0x100/0x5f0
	Call Trace:
	__kmem_cache_create_args+0x100/0x5f0
	alloc_ai+0x295/0x3f0 [ubi]
	ubi_attach+0x3c3/0xcc0 [ubi]
	ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]
	ubi_init+0x3fb/0x800 [ubi]
	do_init_module+0x265/0x7d0
	__x64_sys_finit_module+0x7a/0xc0

	The problem could be easily reproduced by loading UBI device by fastmap
	with CONFIG_DEBUG_VM=y.
	Fix it by using different slab names for alloc_ai() callers.

	The Linux kernel CVE team has assigned CVE-2024-53172 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 4.19.325 with commit ef52b7191ac41e68b1bf070d00c5b04ed16e4920
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.4.287 with commit 871c148f8e0c32e505df9393ba4a303c3c3fe988
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.10.231 with commit 04c0b0f37617099479c34e207c5550d081f585a6
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 5.15.174 with commit b1ee0aa4945c49cbbd779da81040fcec4de80fd1
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.1.120 with commit 6afdcb285794e75d2c8995e3a44f523c176cc2de
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.6.64 with commit 612824dd0c9465ef365ace38b056c663d110956d
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.11.11 with commit 3d8558135cd56a2a8052024be4073e160f36658c
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.12.2 with commit 7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
	Issue introduced in 4.1 with commit d2158f69a7d469c21c37f7028c18aa8c54707de3 and fixed in 6.13 with commit bcddf52b7a17adcebc768d26f4e27cf79adb424c

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-53172
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/mtd/ubi/attach.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920
	https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988
	https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6
	https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1
	https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de
	https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d
	https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c
	https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
	https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c