2334662 – (CVE-2024-56706) CVE-2024-56706 kernel: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex

Bug 2334662 (CVE-2024-56706) - CVE-2024-56706 kernel: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex

Summary: CVE-2024-56706 kernel: s390/cpum_sf: Fix and protect memory allocation of SDB...

Keywords:
Status:	NEW
Alias:	CVE-2024-56706
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-28 10:01 UTC by OSIDB Bzimport
Modified:	2024-12-29 07:43 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-12-28 10:01:06 UTC

In the Linux kernel, the following vulnerability has been resolved:

s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex

Reservation of the PMU hardware is done at first event creation
and is protected by a pair of mutex_lock() and mutex_unlock().
After reservation of the PMU hardware the memory
required for the PMUs the event is to be installed on is
allocated by allocate_buffers() and alloc_sampling_buffer().
This done outside of the mutex protection.
Without mutex protection two or more concurrent invocations of
perf_event_init() may run in parallel.
This can lead to allocation of Sample Data Blocks (SDBs)
multiple times for the same PMU.
Prevent this and protect memory allocation of SDBs by
mutex.

Comment 1 Avinash Hanwate 2024-12-29 07:39:39 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024122838-CVE-2024-56706-d292@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.