Bug 2320580 (CVE-2024-50005) - CVE-2024-50005 kernel: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
Keywords:
Status: NEW
Alias: CVE-2024-50005
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2320938
Blocks:
Reported: 2024-10-21 19:12 UTC by OSIDB Bzimport
Modified: 2024-10-22 13:28 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Description OSIDB Bzimport 2024-10-21 19:12:17 UTC
In the Linux kernel, the following vulnerability has been resolved:

mac802154: Fix potential RCU dereference issue in mac802154_scan_worker

In the `mac802154_scan_worker` function, the `scan_req->type` field was
accessed after the RCU read-side critical section was unlocked. According
to RCU usage rules, this is illegal and can lead to unpredictable
behavior, such as accessing memory that has been updated or causing
use-after-free issues.

This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.

To address this, the `scan_req->type` value is now stored in a local
variable `scan_req_type` while still within the RCU read-side critical
section. The `scan_req_type` is then used after the RCU lock is released,
ensuring that the type value is safely accessed without violating RCU
rules.
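
The ordering problem described above, as an added example that is not part of the bug report or the upstream patch: a userspace C model in which stub functions stand in for the kernel's RCU primitives. The updater function, the one-field `struct scan_request` and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
/* Userspace model, not kernel code: these stubs stand in for the kernel's
 * RCU primitives so the two orderings can be run and compared. */
enum { SCAN_PASSIVE = 1, SCAN_ACTIVE = 2, SCAN_POISON = 0xdead };
struct scan_request { int type; };           /* assumed minimal layout */

static struct scan_request slots[2];         /* constructed sample objects */
static struct scan_request *cur_req;         /* the RCU-protected pointer */
static int rcu_depth;                        /* readers inside a section */

static void rcu_read_lock(void)   { rcu_depth++; }
static void rcu_read_unlock(void) { rcu_depth--; }
static struct scan_request *rcu_dereference_model(void) { return cur_req; }

/* Hypothetical updater: with no reader in a critical section the grace period
 * can end, so the old request is reclaimed (poisoned here) and replaced. */
static void updater_after_grace_period(void)
{
    if (rcu_depth != 0) return;              /* must wait for readers */
    cur_req->type = SCAN_POISON;
    slots[1].type = SCAN_PASSIVE;
    cur_req = &slots[1];
}

static void reset(void) { slots[0].type = SCAN_ACTIVE; cur_req = &slots[0]; rcu_depth = 0; }

/* Pre-fix ordering: scan_req->type is read after rcu_read_unlock(). */
int worker_before_fix(void)
{
    reset();
    rcu_read_lock();
    struct scan_request *scan_req = rcu_dereference_model();
    rcu_read_unlock();
    updater_after_grace_period();            /* free to reclaim scan_req */
    return scan_req->type;                   /* reads the reclaimed object */
}

/* Post-fix ordering: copy the field while still inside the section. */
int worker_after_fix(void)
{
    reset();
    rcu_read_lock();
    struct scan_request *scan_req = rcu_dereference_model();
    int scan_req_type = scan_req->type;
    rcu_read_unlock();
    updater_after_grace_period();
    return scan_req_type;                    /* snapshot is unaffected */
}

int main(void) { printf("before=%d after=%d\n", worker_before_fix(), worker_after_fix()); return 0; }
```

In the model the reclaimed object is only overwritten, so the stale read returns the poison value; in a real kernel the same read can hit freed memory.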

Comment 1 Avinash Hanwate 2024-10-22 11:51:09 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102108-CVE-2024-50005-3479@gregkh/T