Description
In the Linux kernel, the following vulnerability has been resolved:
interconnect: debugfs: initialize src_node and dst_node to empty strings
The debugfs_create_str() API assumes that the string pointer is either NULL
or points to valid kmalloc() memory. Leaving the pointer uninitialized can
cause problems.
Initialize src_node and dst_node to empty strings before creating the
debugfs entries to guarantee that reads and writes are safe.
A flaw was found in the Linux kernel's interconnect debugfs test client. This vulnerability arises from the use of uninitialized pointers when handling debugfs entries. A local user with sufficient privileges could exploit this by accessing these debugfs entries. Successful exploitation could lead to a kernel crash, causing a local denial of service (DoS). There is also a theoretical risk of memory corruption.
Report
The issue is in the interconnect debugfs test client. The debugfs_create_str API assumes that the backing pointer is either NULL or points to valid dynamically allocated memory. Before this change src_node and dst_node could be left uninitialized, meaning they might contain arbitrary stack or global garbage values. When the debugfs files are accessed, the debugfs string helpers may dereference the pointer to print the string, or may attempt to update it on write. With an uninitialized pointer this can lead to a kernel crash due to an invalid dereference, producing a local denial of service. Depending on the exact debugfs string implementation and write path behavior, there is also a more theoretical risk of memory corruption if the subsystem attempts to treat the garbage pointer as a valid allocation. Access requires local privileges sufficient to read or write the debugfs entries. In many deployments debugfs is restricted to root and may not be mounted.
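The pointer contract described above, as an added user-space illustration (not the kernel's code and not part of the advisory): malloc/free stand in for kmalloc/kfree, and the struct layout and the names dup_str, attr_read, attr_write and client_init are assumptions made for the example. It shows the fixed pattern, where both pointers hold a heap-allocated empty string before any read or write helper can reach them.

```c
#include <stdlib.h>
#include <string.h>
/* User-space model; malloc/free stand in for kmalloc/kfree. */
struct client { char *src_node, *dst_node; };   /* hypothetical layout */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Read helper: trusts *slot to be NULL or a valid string. */
size_t attr_read(char *const *slot, char *buf, size_t cap)
{
    const char *s = *slot ? *slot : "";
    size_t n = strlen(s);            /* a garbage pointer faults here */
    if (cap == 0)
        return 0;
    if (n >= cap)
        n = cap - 1;                 /* truncate, keep room for the NUL */
    memcpy(buf, s, n);
    buf[n] = '\0';
    return n;
}

/* Write helper: trusts *slot to be NULL or heap memory it may free. */
int attr_write(char **slot, const char *in)
{
    char *copy = dup_str(in);
    if (!copy)
        return -1;
    free(*slot);                     /* a garbage pointer corrupts the heap here */
    *slot = copy;
    return 0;
}

/* Fixed pattern: both slots hold a heap-allocated "" before any helper can
 * reach them. A literal "" would not do: attr_write() frees the old value. */
int client_init(struct client *c)
{
    c->src_node = dup_str("");
    c->dst_node = dup_str("");
    if (c->src_node && c->dst_node)
        return 0;
    free(c->src_node);
    free(c->dst_node);
    c->src_node = c->dst_node = NULL;
    return -1;
}
```

Skipping client_init() on a freshly allocated struct is the modelled bug: attr_read() and attr_write() would then act on whatever bytes the allocation happened to contain.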
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | ||
Additional information
CVSS3: 4.4 Medium