[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/mips/kernel/ftrace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e424054000878d7eb11e44289242886d6e219d22","lessThan":"e3e33ac2eb69d595079a1a1e444c2fb98efdd42d","versionType":"git","status":"affected"},{"version":"e424054000878d7eb11e44289242886d6e219d22","lessThan":"7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150","versionType":"git","status":"affected"},{"version":"e424054000878d7eb11e44289242886d6e219d22","lessThan":"36dac9a3dda1f2bae343191bc16b910c603cac25","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/mips/kernel/ftrace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.35","status":"affected"},{"version":"0","lessThan":"2.6.35","versionType":"semver","status":"unaffected"},{"version":"6.12.64","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.3","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787

OR
          *cpe:2.3:o:linux:linux_kernel:2.6.35:-:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.3
          *cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.35.1 up to (excluding) 6.12.64

kernel.org: https://git.kernel.org/stable/c/36dac9a3dda1f2bae343191bc16b910c603cac25 Types: Patch

kernel.org: https://git.kernel.org/stable/c/7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150 Types: Patch

kernel.org: https://git.kernel.org/stable/c/e3e33ac2eb69d595079a1a1e444c2fb98efdd42d Types: Patch

In the Linux kernel, the following vulnerability has been resolved:

MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits

Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of
dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
and this macro can generate more than 2 instructions. At the same
time, the code in ftrace assumes that no more than 2 instructions can
be generated, which is why it stores them in an int[2] array. However,
as previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)
causes a buffer overflow when _mcount is beyond 32 bits. This leads to
corruption of the variables located in the __read_mostly section.

This corruption was observed because the variable
__cpu_primary_thread_mask was corrupted, causing a hang very early
during boot.

This fix prevents the corruption by avoiding the generation of
instructions if they could exceed 2 instructions in
length. Fortunately, insn_la_mcount is only used if the instrumented
code is located outside the kernel code section, so dynamic ftrace can
still be used, albeit in a more limited scope. This is still
preferable to corrupting memory and/or crashing the kernel.

https://git.kernel.org/stable/c/36dac9a3dda1f2bae343191bc16b910c603cac25

https://git.kernel.org/stable/c/7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150

https://git.kernel.org/stable/c/e3e33ac2eb69d595079a1a1e444c2fb98efdd42d