NVD Vulnerability Detail

CVE-2024-49935

Summary	In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin() The kernel occasionally crashes in cpumask_clear_cpu(), which is called within exit_round_robin(), because when executing clear_bit(nr, addr) with nr set to 0xffffffff, the address calculation may cause misalignment within the memory, leading to access to an invalid memory address. ---------- BUG: unable to handle kernel paging request at ffffffffe0740618 ... CPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: loaded Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1 ... RIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad] Code: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 <f0> 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31 RSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202 RAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8 R10: 0000000000000000 R11: 0000000000000001 R12: 000000000000000e R13: 0000000000000000 R14: ffffffffffffffff R15: 000000000000000e FS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? acpi_pad_add+0x120/0x120 [acpi_pad] kthread+0x10b/0x130 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x1f/0x40 ... CR2: ffffffffe0740618 crash> dis -lr ffffffffc0726923 ... /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114 0xffffffffc0726918 <power_saving_thread+776>: mov %r12d,%r12d /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325 0xffffffffc072691b <power_saving_thread+779>: mov -0x3f8d7de0(,%r12,4),%eax /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80 0xffffffffc0726923 <power_saving_thread+787>: lock btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 <pad_busy_cpus_bits> crash> px tsk_in_cpu[14] $66 = 0xffffffff crash> px 0xffffffffc072692c+0x19cf4 $99 = 0xffffffffc0740620 crash> sym 0xffffffffc0740620 ffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad] crash> px pad_busy_cpus_bits[0] $42 = 0xfffc0 ---------- To fix this, ensure that tsk_in_cpu[tsk_index] != -1 before calling cpumask_clear_cpu() in exit_round_robin(), just as it is done in round_robin_cpu(). [ rjw: Subject edit, avoid updates to the same value ]
Publication Date	Oct. 22, 2024, 3:15 a.m.
Registration Date	Oct. 22, 2024, 12:03 p.m.
Last Update	Nov. 14, 2024, 12:21 a.m.

CVSS3.1 : MEDIUM
スコア	5.5
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::				5.15.168
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.113
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.10.14
cpe:2.3:o:linux:linux_kernel::::::::	6.11			6.11.3
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.55

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/92e5661b7d0727ab912b76625a88b33fdb9b609a	Patch
2	https://git.kernel.org/stable/c/68a599da16ebad442ce295d8d2d5c488e3992822	Patch
3	https://git.kernel.org/stable/c/68a8e45743d6a120f863fb14b72dc59616597019	Patch
4	https://git.kernel.org/stable/c/03593dbb0b272ef7b0358b099841e65735422aca	Patch
5	https://git.kernel.org/stable/c/27c045f868f0e5052c6b532868a65e0cd250c8fc	Patch
6	https://git.kernel.org/stable/c/0a2ed70a549e61c5181bad5db418d223b68ae932	Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 29, 2024, midnight
Registration Date	Nov. 14, 2024, 4:59 p.m.
Last Update	Nov. 14, 2024, 4:59 p.m.

Affected System

Linux

Linux Kernel 5.15.168 未満

Linux Kernel 5.16 以上 6.1.113 未満

Linux Kernel 6.11 以上 6.11.3 未満

Linux Kernel 6.2 以上 6.6.55 未満

Linux Kernel 6.7 以上 6.10.14 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-49935	https://www.cve.org/CVERecord?id=CVE-2024-49935
National Vulnerability Database (NVD)
2	CVE-2024-49935	https://nvd.nist.gov/vuln/detail/CVE-2024-49935

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	ACPI: PAD: fix crash in exit_round_robin() (03593db)	https://git.kernel.org/stable/c/03593dbb0b272ef7b0358b099841e65735422aca
2	ACPI: PAD: fix crash in exit_round_robin() (0a2ed70)	https://git.kernel.org/stable/c/0a2ed70a549e61c5181bad5db418d223b68ae932
3	ACPI: PAD: fix crash in exit_round_robin() (27c045f)	https://git.kernel.org/stable/c/27c045f868f0e5052c6b532868a65e0cd250c8fc
4	ACPI: PAD: fix crash in exit_round_robin() (68a599d)	https://git.kernel.org/stable/c/68a599da16ebad442ce295d8d2d5c488e3992822
5	ACPI: PAD: fix crash in exit_round_robin() (68a8e45)	https://git.kernel.org/stable/c/68a8e45743d6a120f863fb14b72dc59616597019
6	ACPI: PAD: fix crash in exit_round_robin() (92e5661)	https://git.kernel.org/stable/c/92e5661b7d0727ab912b76625a88b33fdb9b609a
Linux Kernel
7	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月14日] 掲載	Nov. 14, 2024, 4:59 p.m.