CVE - CVE-2024-34777

CVE-ID
CVE-2024-34777	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971 CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117) kasan_report (mm/kasan/report.c:603) kasan_check_range (mm/kasan/generic.c:189) variable_test_bit (arch/x86/include/asm/bitops.h:227) [inline] arch_test_bit (arch/x86/include/asm/bitops.h:239) [inline] _test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline] node_state (include/linux/nodemask.h:423) [inline] map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Compare node ids with sane bounds first. NUMA_NO_NODE is considered a special valid case meaning that benchmarking kthreads won't be bound to a cpuset of a given node. Found by Linux Verification Center (linuxtesting.org).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad URL:https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad MISC:https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b URL:https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b MISC:https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936 URL:https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936 MISC:https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87 URL:https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87 MISC:https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570 URL:https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570
Assigning CNA
kernel.org
Date Record Created
20240621	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240621)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)