CVE-2024-43890
Linux Kernel Tracing Buffer Overflow
Description
In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix overflow in get_free_elt()

"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.

Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem.

Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".
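A user-space model of the counter behaviour described above, added here as an illustration and not taken from the kernel source or the fix commits. The 8-bit counter width, the limits of 4 and 8, and all function names are assumptions chosen so the wrap is reached in a few hundred calls; only next_elt, max_elts and max_size come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Single-threaded model only; the limits below are constructed values. */
#define MAX_ELTS 4u   /* element limit (max_elts in the description) */
#define MAX_SIZE 8u   /* table entries (max_size in the description) */

struct model_map {
    uint8_t  next_elt;   /* 8 bits on purpose so the wrap is reached quickly */
    unsigned inserted;   /* elements handed out so far */
};

/* Pre-fix pattern: always increment, then compare against the limit. */
static bool get_elt_unbounded(struct model_map *m)
{
    uint8_t idx = m->next_elt++;      /* wraps 255 -> 0 */
    if (idx >= MAX_ELTS)
        return false;
    m->inserted++;                    /* limit check passes again after a wrap */
    return true;
}

/* Fix pattern from the description: stop incrementing at the limit. */
static bool get_elt_bounded(struct model_map *m)
{
    if (m->next_elt >= MAX_ELTS)      /* saturated, counter is left alone */
        return false;
    m->next_elt++;
    m->inserted++;
    return true;
}

/* Drive `calls` insert attempts and report how many elements were granted. */
static unsigned run(bool (*get_elt)(struct model_map *), unsigned calls)
{
    struct model_map m = {0, 0};
    for (unsigned i = 0; i < calls; i++)
        get_elt(&m);
    return m.inserted;
}

int main(void)
{
    unsigned bad = run(get_elt_unbounded, 300), good = run(get_elt_bounded, 300);
    printf("unbounded: %u elements (limit %u, table %u)\n", bad, MAX_ELTS, MAX_SIZE);
    printf("bounded:   %u elements\n", good);
    printf("table full after wrap: %s\n", bad >= MAX_SIZE ? "yes" : "no");
    return 0;
}
```

In the model, one wrap of the unbounded counter is enough to hand out as many elements as the table has entries, which is the "no empty entries" state the description identifies as the precondition for the hang.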
INFO
Published Date: Aug. 26, 2024, 11:15 a.m.
Last Modified: Sept. 5, 2024, 6:48 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8
The following table lists the changes that have been made to the CVE-2024-43890 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
Initial Analysis by [email protected]
Sep. 05, 2024

Action | Type | Old Value | New Value
Added | CVSS V3.1 | | NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Changed | Reference Type | https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6 No Types Assigned | https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c No Types Assigned | https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c Patch
Changed | Reference Type | https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5 No Types Assigned | https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8 No Types Assigned | https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143 No Types Assigned | https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da No Types Assigned | https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da Patch
Changed | Reference Type | https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 No Types Assigned | https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 Patch
Changed | Reference Type | https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a No Types Assigned | https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a Patch
Added | CWE | | NIST CWE-190
Added | CPE Configuration | | OR
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.7 up to (excluding) 4.19.320
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.282
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.224
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.165
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.105
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.46
    *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.10.5
    *cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
    *cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*

CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Aug. 26, 2024

Action | Type | Old Value | New Value
Added | Description | | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert an element into a full tracing_map using `__tracing_map_insert()`, it will cause an infinite loop with preemption disabled, leading to a CPU hang problem. Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".
Added | Reference | | kernel.org https://git.kernel.org/stable/c/302ceb625d7b990db205a15e371f9a71238de91c [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/eb223bf01e688dfe37e813c8988ee11c8c9f8d0a [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/cd10d186a5409a1fe6e976df82858e9773a698da [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/788ea62499b3c18541fd6d621964d8fafbc4aec5 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/a172c7b22bc2feaf489cfc6d6865f7237134fdf8 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/236bb4690773ab6869b40bedc7bc8d889e36f9d6 [No types assigned]
Added | Reference | | kernel.org https://git.kernel.org/stable/c/bcf86c01ca4676316557dd482c8416ece8c2e143 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-43890 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-43890 weaknesses.