Bug 2300520 (CVE-2024-42082) - CVE-2024-42082 kernel: xdp: Remove WARN() from __xdp_reg_mem_model()
Keywords:
Status: NEW
Alias: CVE-2024-42082
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2301721
Blocks:
Reported: 2024-07-29 16:29 UTC by OSIDB Bzimport
Modified: 2024-09-12 14:28 UTC (History)

Fixed In Version: kernel 5.10.221, kernel 5.15.162, kernel 6.1.97, kernel 6.6.37, kernel 6.9.8, kernel 6.10
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2024:6650 | 0 | None | None | None | 2024-09-12 14:28:42 UTC
Red Hat Product Errata | RHSA-2024:6567 | 0 | None | None | None | 2024-09-11 01:01:17 UTC

Description OSIDB Bzimport 2024-07-29 16:29:33 UTC
In the Linux kernel, the following vulnerability has been resolved:

xdp: Remove WARN() from __xdp_reg_mem_model()

syzkaller reports a warning in __xdp_reg_mem_model().

The warning occurs only if __mem_id_init_hash_table() returns an error. It
returns the error in two cases:

  1. memory allocation fails;
  2. rhashtable_init() fails when some fields of rhashtable_params
     struct are not initialized properly.

The second case cannot happen since there is a static const rhashtable_params
struct with valid fields. So, the warning is only triggered when there is a
problem with memory allocation.

Thus, there is no sense in using WARN() to handle this error and it can be
safely removed.

WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299

CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299

Call Trace:
 xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344
 xdp_test_run_setup net/bpf/test_run.c:188 [inline]
 bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377
 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267
 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240
 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649
 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75

Found by Linux Verification Center (linuxtesting.org) with syzkaller.
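
An added example (not code from this bug report or from the kernel project): it finds this warning's signature in a kernel log and compares an upstream release string with the versions in the Fixed In Version field. The status names and the rule that any suffix after x.y.z marks a vendor or custom build are assumptions of the example.

```python
import re

# Upstream releases carrying the fix, from the bug's "Fixed In Version" field.
FIXED_STABLE = {(5, 10): 221, (5, 15): 162, (6, 1): 97, (6, 6): 37, (6, 9): 8}
FIXED_MAINLINE = (6, 10)
# Signature of the warning, following the syzkaller report quoted in the bug.
SIG = re.compile(r"WARNING: CPU: \d+ PID: (\d+) at net/core/xdp\.c:\d+ "
                 r"__xdp_reg_mem_model\+0x[0-9a-f]+/0x[0-9a-f]+")
COMM = re.compile(r"Comm: \S+ (?:Not tainted|Tainted: .+?) (\S+) #")
RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)")


def upstream_status(release):
    """Compare an upstream kernel release string with the fixed versions."""
    m = RELEASE.fullmatch(release)
    if not m:
        return "unparsed"
    if m[4]:  # assumption: a suffix means a vendor/custom build with its own backports
        return "vendor-build"
    branch, patch = (int(m[1]), int(m[2])), int(m[3] or 0)
    if branch >= FIXED_MAINLINE:
        return "fixed"
    if branch not in FIXED_STABLE:
        return "unlisted"  # the bug names no fixed release for this branch
    return "fixed" if patch >= FIXED_STABLE[branch] else "not-fixed"


def find_warnings(log_text):
    """Return [(pid, release_or_None)] for each matching WARNING in a kernel log."""
    lines, hits = log_text.splitlines(), []
    for i, line in enumerate(lines):
        m = SIG.search(line)
        if m:
            # The "CPU: ... Comm: ..." line carrying the release follows the warning.
            rel = next((c[1] for c in map(COMM.search, lines[i + 1:i + 6]) if c), None)
            hits.append((int(m[1]), rel))
    return hits


# Sample log: two lines taken from the report above plus one constructed line.
SAMPLE = """\
[   12.000001] eth0: link up (constructed line)
WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299
CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
"""

if __name__ == "__main__":
    for pid, rel in find_warnings(SAMPLE):
        print(pid, rel, upstream_status(rel) if rel else "no release line")
```

A "vendor-build" result means the version number alone does not settle the question; for Red Hat Enterprise Linux 9 the erratum listed on this bug is the reference.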

Comment 1 Mauro Matteo Cascella 2024-07-30 17:04:56 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072956-CVE-2024-42082-8411@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-30 17:05:17 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301721]

Comment 11 errata-xmlrpc 2024-09-11 01:01:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6567 https://access.redhat.com/errata/RHSA-2024:6567

