2132640 – (CVE-2022-3424) CVE-2022-3424 kernel: Use after Free in gru_set_context_option leading to kernel panic

Bug 2132640 (CVE-2022-3424) - CVE-2022-3424 kernel: Use after Free in gru_set_context_option leading to kernel panic

Summary: CVE-2022-3424 kernel: Use after Free in gru_set_context_option leading to ker...

Keywords:
Status:	NEW
Alias:	CVE-2022-3424
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2132639 (view as bug list)
Depends On:	2132961 2137131 2137132 2137133 2137134
Blocks:	2126811 2175291
TreeView+	depends on / blocked

Reported:	2022-10-06 10:01 UTC by Alex
Modified:	2023-09-19 14:13 UTC (History)
CC List:	55 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Alex 2022-10-06 10:01:43 UTC

A use after free flaw in the Linux Kernel SGI GRU driver in drivers/misc/sgi-gru/grufile.c found. A local user can call gru_file_unlocked_ioctl with GRU_SET_CONTEXT_OPTION and then triggering error path in gru_check_context_placement function. This leads to use after free in gru_unload_context function.

Reference:
https://www.spinics.net/lists/kernel/msg4518970.html


Besides, this is a long existing bug which was introduced in 13 years ago:
https://github.com/torvalds/linux/commit/55484c45dbeca2eec7642932ec3f60f8a2d4bdbf

Comment 1 Alex 2022-10-06 10:31:02 UTC

*** Bug 2132639 has been marked as a duplicate of this bug. ***

Comment 3 Alex 2022-10-07 11:13:45 UTC

The latest candidate patch is:
https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/

- received the link from the Zheng Wang , see Bug 2126411.

Comment 5 Alex 2022-10-07 11:19:22 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2132961]

Comment 7 Alex 2022-10-23 18:25:49 UTC

Updated on 2022-10-19 03:17:26 UTC:
"
Here is the newest version of patch. https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz@163.com/
"
- received the link from the Zheng Wang , see Bug 2126411.

Comment 13 Justin M. Forbes 2023-01-19 23:05:06 UTC

This was fixed for Fedora with the 6.0.16 stable kernel update.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
alex000young
arachman
bhu
brdeoliv
chwhite
crwood
darcari
ddepaula
debarbos
dvlasenk
ezulian
hdegoede
hkrzesin
hpa
jarod
jarodwilson
jburrell
jfaracco
jferlan
jforbes
jglisse
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lleshchi
lveyde
lzampier
masami256
mchehab
michal.skrivanek
mperina
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
tyberry
vkumar
walters
williams