Executive Summary

Informations
Name CVE-2024-36925 First vendor Publication 2024-05-30
Vendor Cve Last vendor Modification 2024-06-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y

Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when initialising the restricted pools at boot-time:

| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
| Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
| pc : rmem_swiotlb_device_init+0xfc/0x1ec
| lr : rmem_swiotlb_device_init+0xf0/0x1ec
| Call trace:
| rmem_swiotlb_device_init+0xfc/0x1ec
| of_reserved_mem_device_init_by_idx+0x18c/0x238
| of_dma_configure_id+0x31c/0x33c
| platform_dma_configure+0x34/0x80

faddr2line reveals that the crash is in the list validation code:

include/linux/list.h:83
include/linux/rculist.h:79
include/linux/rculist.h:106
kernel/dma/swiotlb.c:306
kernel/dma/swiotlb.c:1695

because add_mem_pool() is trying to list_add_rcu() to a NULL 'mem->pools'.

Fix the crash by initialising the 'mem->pools' list_head in rmem_swiotlb_device_init() before calling add_mem_pool().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36925

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3582

Sources (Detail)

https://git.kernel.org/stable/c/75961ffb5cb3e5196f19cae7683f35cc88b50800
https://git.kernel.org/stable/c/f2a6b3ed20f2dea4cb645abc6a73c4595662adca
https://git.kernel.org/stable/c/f62e0fefcdfe2c05ccb1aa80521a69524eea9c84
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-10-23 02:56:36
  • Multiple Updates
2024-10-03 02:51:57
  • Multiple Updates
2024-10-02 02:50:21
  • Multiple Updates
2024-09-15 02:48:14
  • Multiple Updates
2024-09-12 02:47:46
  • Multiple Updates
2024-09-06 02:46:01
  • Multiple Updates
2024-09-04 02:49:16
  • Multiple Updates
2024-08-22 02:47:19
  • Multiple Updates
2024-08-02 13:56:24
  • Multiple Updates
2024-08-02 01:35:40
  • Multiple Updates
2024-06-11 00:27:33
  • Multiple Updates
2024-05-31 00:27:31
  • Multiple Updates
2024-05-30 21:27:22
  • First insertion