cve/published/2024/CVE-2024-57930.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have process_string() also allow arrays\n\nIn order to catch a common bug where a TRACE_EVENT() TP_fast_assign()\nassigns an address of an allocated string to the ring buffer and then\nreferences it in TP_printk(), which can be executed hours later when the\nstring is free, the function test_event_printk() runs on all events as\nthey are registered to make sure there's no unwanted dereferencing.\n\nIt calls process_string() to handle cases in TP_printk() format that has\n\"%s\". It returns whether or not the string is safe. But it can have some\nfalse positives.\n\nFor instance, xe_bo_move() has:\n\n TP_printk(\"move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s\",\n            __entry->move_lacks_source ? \"yes\" : \"no\", __entry->bo, __entry->size,\n            xe_mem_type_to_name[__entry->old_placement],\n            xe_mem_type_to_name[__entry->new_placement], __get_str(device_id))\n\nWhere the \"%s\" references into xe_mem_type_to_name[]. This is an array of\npointers that should be safe for the event to access. Instead of flagging\nthis as a bad reference, if a reference points to an array, where the\nrecord field is the index, consider it safe."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "kernel/trace/trace_events.c"
                ],
                "versions": [
                   {
                      "version": "85d7635d54d75a2589f28583dc17feedc3aa4ad6",
                      "lessThan": "3bcdc9039a6e9e6e47ed689a37b8d57894a3c571",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f3ff759ec636b4094b8eb2c3801e4e6c97a6b712",
                      "lessThan": "631b1e09e213c86d5a4ce23d45c81af473bb0ac7",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "2f6ad0b613cd45cca48e6eb04f65351db018afb0",
                      "lessThan": "a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "683eccacc02d2eb25d1c34b8fb0363fcc7e08f64",
                      "lessThan": "92bd18c74624e5eb9f96e70076aa46293f4b626f",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "65a25d9f7ac02e0cf361356e834d1c71d36acca9",
                      "lessThan": "afc6717628f959941d7b33728570568b4af1c4b8",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "kernel/trace/trace_events.c"
                ],
                "versions": [
                   {
                      "version": "6.1.122",
                      "lessThan": "6.1.124",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.68",
                      "lessThan": "6.6.70",
                      "status": "affected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12.7",
                      "lessThan": "6.12.9",
                      "status": "affected",
                      "versionType": "semver"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.1.122",
                            "versionEndExcluding": "6.1.124"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.6.68",
                            "versionEndExcluding": "6.6.70"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.12.7",
                            "versionEndExcluding": "6.12.9"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571"
             },
             {
                "url": "https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7"
             },
             {
                "url": "https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b"
             },
             {
                "url": "https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f"
             },
             {
                "url": "https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8"
             }
          ],
          "title": "tracing: Have process_string() also allow arrays",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-57930",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have process_string() also allow arrays\n\nIn order to catch a common bug where a TRACE_EVENT() TP_fast_assign()\nassigns an address of an allocated string to the ring buffer and then\nreferences it in TP_printk(), which can be executed hours later when the\nstring is free, the function test_event_printk() runs on all events as\nthey are registered to make sure there's no unwanted dereferencing.\n\nIt calls process_string() to handle cases in TP_printk() format that has\n\"%s\". It returns whether or not the string is safe. But it can have some\nfalse positives.\n\nFor instance, xe_bo_move() has:\n\n TP_printk(\"move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s\",\n __entry->move_lacks_source ? \"yes\" : \"no\", __entry->bo, __entry->size,\n xe_mem_type_to_name[__entry->old_placement],\n xe_mem_type_to_name[__entry->new_placement], __get_str(device_id))\n\nWhere the \"%s\" references into xe_mem_type_to_name[]. This is an array of\npointers that should be safe for the event to access. Instead of flagging\nthis as a bad reference, if a reference points to an array, where the\nrecord field is the index, consider it safe."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"kernel/trace/trace_events.c"
	],
	"versions": [
	{
	"version": "85d7635d54d75a2589f28583dc17feedc3aa4ad6",
	"lessThan": "3bcdc9039a6e9e6e47ed689a37b8d57894a3c571",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f3ff759ec636b4094b8eb2c3801e4e6c97a6b712",
	"lessThan": "631b1e09e213c86d5a4ce23d45c81af473bb0ac7",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "2f6ad0b613cd45cca48e6eb04f65351db018afb0",
	"lessThan": "a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "683eccacc02d2eb25d1c34b8fb0363fcc7e08f64",
	"lessThan": "92bd18c74624e5eb9f96e70076aa46293f4b626f",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "65a25d9f7ac02e0cf361356e834d1c71d36acca9",
	"lessThan": "afc6717628f959941d7b33728570568b4af1c4b8",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"kernel/trace/trace_events.c"
	],
	"versions": [
	{
	"version": "6.1.122",
	"lessThan": "6.1.124",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.6.68",
	"lessThan": "6.6.70",
	"status": "affected",
	"versionType": "semver"
	},
	{
	"version": "6.12.7",
	"lessThan": "6.12.9",
	"status": "affected",
	"versionType": "semver"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.1.122",
	"versionEndExcluding": "6.1.124"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.6.68",
	"versionEndExcluding": "6.6.70"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.12.7",
	"versionEndExcluding": "6.12.9"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571"
	},
	{
	"url": "https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7"
	},
	{
	"url": "https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b"
	},
	{
	"url": "https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f"
	},
	{
	"url": "https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8"
	}
	],
	"title": "tracing: Have process_string() also allow arrays",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-57930",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}