Bugzilla – Bug 1224527
VUL-0: CVE-2024-35874: kernel: aio: Fix null ptr deref in aio_complete() wakeup
Last modified: 2024-05-29 12:01:38 UTC
In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip taking the lock, and then we'd return - but the completion path would still attempt to do the wakeup after the task_struct pointer had been overwritten. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35874 https://www.cve.org/CVERecord?id=CVE-2024-35874 https://git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da https://git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35874.mbox
Issue was introduced in v6.8 and we don't carry the patch in any of our branches. back to security team. [1:krisman@cartola kernel-source]$ ../scripts/scripts/check-kernel-fix -v -s 5.5 -r CVE-2024-35874 caeb4b0a11b3 ("aio: Fix null ptr deref in aio_complete() wakeup") merged v6.9-rc3~28^2 Fixes: 71eb6b6b0ba9 ("fs/aio: obey min_nr when doing wakeups") merged v6.8-rc1~215^2~18 Security fix for CVE-2024-35874 bsc#1224527 with CVSS 5.5 ACTION NEEDED! SLE15-SP6: NOPE: no problema for caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd SLE15-SP5: NOPE: no problema for caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd SLE12-SP5: NOPE: no problema for caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd SLE12-SP3-TD: NOPE: no problema for caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd [0:krisman@cartola kernel-source]$
All done, closing.