Detections
Analytics

CVE-2024-56584

medium

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51 which is the WARN_ON_ONCE(!xa_empty(&tctx->xa)); sanity check in __io_uring_free() when a io_uring_task is going through its final put. The syzbot test case includes injecting memory allocation failures, and it very much looks like xa_store() can fail one of its memory allocations and end up with ->head being non-NULL even though no entries exist in the xarray. Until this issue gets sorted out, work around it by attempting to iterate entries in our xarray, and WARN_ON_ONCE() if one is found.

References

https://git.kernel.org/stable/c/d5b2ddf1f90c7248eff9630b95895c8950f2f36d

https://git.kernel.org/stable/c/94ad56f61b873ffeebcc620d451eacfbdf9d40f0

https://git.kernel.org/stable/c/7eb75ce7527129d7f1fee6951566af409a37a1c4

https://git.kernel.org/stable/c/42882b583095dcf747da6e3af1daeff40e27033e

Details

Source: Mitre, NVD

Published: 2024-12-27

Updated: 2024-12-27

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium