CVE - CVE-2024-57930

CVE-ID
CVE-2024-57930	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s", __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the "%s" references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571 URL:https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571 MISC:https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7 URL:https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7 MISC:https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f URL:https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f MISC:https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b URL:https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b MISC:https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8 URL:https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8
Assigning CNA
kernel.org
Date Record Created
20250119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)