GHSA-hcp4-6c7v-w8f2

Опубликовано: 30 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

In the Linux kernel, the following vulnerability has been resolved:

cdrom: rearrange last_media_change check to avoid unintentional overflow

When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat:

[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_ru...

In the Linux kernel, the following vulnerability has been resolved:

cdrom: rearrange last_media_change check to avoid unintentional overflow

When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat:

Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with -fwrapv but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer").

Let's rearrange the check to not perform any arithmetic, thus not tripping the sanitizer.

Ссылки

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

CVE ID

CVE-2024-42136

Дефекты

CWE-190

Связанные уязвимости

CVE-2024-42136

CVSS3: 7.8

ubuntu

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runti...

CVE-2024-42136

CVSS3: 5.5

redhat

больше 1 года назад

CVE-2024-42136

CVSS3: 7.8

nvd

больше 1 года назад

CVE-2024-42136

CVSS3: 7.8

debian

больше 1 года назад

In the Linux kernel, the following vulnerability has been resolved: c ...

BDU:2024-08082

CVSS3: 7.8

fstec

больше 1 года назад

Уязвимость функции cdrom_ioctl_timed_media_change() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 2%

0.00014

Низкий

7.8 High

CVSS3

CVE ID

CVE-2024-42136

Дефекты

CWE-190