Bug 2323914 (CVE-2024-50132) - CVE-2024-50132 kernel: tracing/probes: Fix MAX_TRACE_ARGS limit handling
Summary: CVE-2024-50132 kernel: tracing/probes: Fix MAX_TRACE_ARGS limit handling
Keywords:
Status: NEW
Alias: CVE-2024-50132
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2324045
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-05 18:01 UTC by OSIDB Bzimport
Modified: 2024-11-05 22:20 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-11-05 18:01:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

tracing/probes: Fix MAX_TRACE_ARGS limit handling

When creating a trace_probe we would set nr_args prior to truncating the
arguments to MAX_TRACE_ARGS. However, we would only initialize arguments
up to the limit.

This caused invalid memory access when attempting to set up probes with
more than 128 fetchargs.

  BUG: kernel NULL pointer dereference, address: 0000000000000020
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: Oops: 0000 [#1] PREEMPT SMP PTI
  CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014
  RIP: 0010:__set_print_fmt+0x134/0x330

Resolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return
an error when there are too many arguments instead of silently
truncating.
Comment 1 Robb Gatica 2024-11-05 21:28:31 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110558-CVE-2024-50132-3221@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.