CVE - CVE-2024-42096

CVE-ID
CVE-2024-42096	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity or the KASAN warnings when no serious profiling is done using timers anyway these days. And the code really does depend on stack layout that is only true in the simplest of cases. We've lost the comment at some point (I think when the 32-bit and 64-bit code was unified), but it used to say: Assume the lock function has either no stack frame or a copy of eflags from PUSHF. which explains why it just blindly loads a word or two straight off the stack pointer and then takes a minimal look at the values to just check if they might be eflags or the return pc: Eflags always has bits 22 and up cleared unlike kernel addresses but that basic stack layout assumption assumes that there isn't any lock debugging etc going on that would complicate the code and cause a stack frame. It causes KASAN unhappiness reported for years by syzkaller [1] and others [2]. With no real practical reason for this any more, just remove the code. Just for historical interest, here's some background commits relating to this code from 2006: 0cb91a229364 ("i386: Account spinlocks to the caller during profiling for !FP kernels") 31679f38d886 ("Simplify profile_pc on x86-64") and a code unification from 2009: ef4512882dbe ("x86: time_32/64.c unify profile_pc") but the basics of this thing actually goes back to before the git tree.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca URL:https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca MISC:https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b URL:https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b MISC:https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92 URL:https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92 MISC:https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29 URL:https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29 MISC:https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77 URL:https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77 MISC:https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4 URL:https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4 MISC:https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e URL:https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e MISC:https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68 URL:https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68
Assigning CNA
kernel.org
Date Record Created
20240729	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240729)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)