NVD

Vulnerability Change Records for CVE-2024-42254

Change History

New CVE Received by NIST 8/08/2024 5:15:08 AM

Action

Type

Old Value

New Value

Added

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix error pbuf checking

Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent
error handling in io_alloc_pbuf_ring().

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341
Call Trace:
 <TASK>
 io_put_bl io_uring/kbuf.c:378 [inline]
 io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392
 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613
 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Added

Reference

kernel.org https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d [No types assigned]

Added

Reference

kernel.org https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e [No types assigned]

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2024-42254

Change History

New CVE Received by NIST 8/08/2024 5:15:08 AM