Bug 2315197 (CVE-2024-46845) - CVE-2024-46845 kernel: tracing/timerlat: Only clear timer if a kthread exists
Summary: CVE-2024-46845 kernel: tracing/timerlat: Only clear timer if a kthread exists
Keywords:
Status: NEW
Alias: CVE-2024-46845
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2315261
Blocks:
Reported: 2024-09-27 13:22 UTC by OSIDB Bzimport
Modified: 2024-12-10 13:02 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-09-27 13:22:37 UTC
In the Linux kernel, the following vulnerability has been resolved:

tracing/timerlat: Only clear timer if a kthread exists

The timerlat tracer can use user space threads to check for osnoise and
timer latency. If the program using this is killed via a SIGTERM, the
threads are shut down one at a time and another tracing instance can start
up resetting the threads before they are fully closed. That causes the
hrtimer assigned to the kthread to be shut down and freed twice when the
dying thread finally closes the file descriptors, causing a use-after-free
bug.

Only cancel the hrtimer if the associated thread is still around. Also add
the interface_lock around the resetting of the tlat_var->kthread.

Note, this is just a quick fix that can be backported to stable. A real
fix is to have a better synchronization between the shutdown of old
threads and the starting of new ones.
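
The ordering the description above outlines (open, reset by a new tracing instance, then release by the dying thread), replayed in a small user-space C model with and without the kthread check. This is an added example, not the kernel patch or code from this bug report; the struct, the function names and the modelled reset step are assumptions, and interface_lock is not modelled.

```c
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct tlat_model {
    void *kthread;      /* stands in for tlat_var->kthread */
    int   timer_live;   /* 1 while the modelled hrtimer exists */
    int   bad_teardown; /* teardowns attempted on an already-dead timer */
};

static void timer_teardown(struct tlat_model *m)
{
    if (!m->timer_live)
        m->bad_teardown++;  /* second shutdown/free of the same timer */
    m->timer_live = 0;
}

/* Assumed simplification: a new tracing instance resets the per-CPU state. */
static void model_reset(struct tlat_model *m)
{
    timer_teardown(m);
    m->kthread = NULL;
}

/* The dying thread closes its fd; guarded=1 applies the kthread check. */
static void model_release(struct tlat_model *m, int guarded)
{
    if (!guarded || m->kthread)
        timer_teardown(m);
    m->kthread = NULL;
}

/* Replays open -> (optional reset) -> release and returns the final state. */
static struct tlat_model replay(int guarded, int reset_first)
{
    static int thread;                       /* placeholder thread object */
    struct tlat_model m = { &thread, 1, 0 }; /* state right after open */
    if (reset_first)
        model_reset(&m);
    model_release(&m, guarded);
    return m;
}

int main(void)
{
    printf("unguarded, reset first: %d bad teardown(s)\n", replay(0, 1).bad_teardown);
    printf("guarded, reset first:   %d bad teardown(s)\n", replay(1, 1).bad_teardown);
    printf("guarded, normal close:  timer_live=%d\n", replay(1, 0).timer_live);
    return 0;
}
```

The third case shows that the check does not skip teardown on an ordinary close, where the thread pointer is still set.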

