CVE - CVE-2024-46847

CVE-ID
CVE-2024-46847	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index. This has been observed as UBSAN errors in Android: \| Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP \| \| Call trace: \| purge_fragmented_block+0x204/0x21c \| _vm_unmap_aliases+0x170/0x378 \| vm_unmap_aliases+0x1c/0x28 \| change_memory_common+0x1dc/0x26c \| set_memory_ro+0x18/0x24 \| module_enable_ro+0x98/0x238 \| do_init_module+0x1b0/0x310 Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the addition to the xarray.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1b2770e27d6d952f491bb362b657e5b2713c3efd URL:https://git.kernel.org/stable/c/1b2770e27d6d952f491bb362b657e5b2713c3efd MISC:https://git.kernel.org/stable/c/3e3de7947c751509027d26b679ecd243bc9db255 URL:https://git.kernel.org/stable/c/3e3de7947c751509027d26b679ecd243bc9db255 MISC:https://git.kernel.org/stable/c/6cf74e0e5e3ab5d5c9defb4c73dad54d52224671 URL:https://git.kernel.org/stable/c/6cf74e0e5e3ab5d5c9defb4c73dad54d52224671
Assigning CNA
kernel.org
Date Record Created
20240911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)