From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2024-56560: slab: Fix too strict alignment check in create_cache()
Date: Fri, 27 Dec 2024 15:23:11 +0100
Message-ID: <2024122712-CVE-2024-56560-e044@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

slab: Fix too strict alignment check in create_cache()

On m68k, where the minimum alignment of unsigned long is 2 bytes:

    Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22
    CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783
    Stack from 0102fe5c:
            0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b
            0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044
            0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007
            01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4
            00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004
            00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88
    Call Trace: [<00425e78>] dump_stack+0xc/0x10
     [<0041eb74>] panic+0xd8/0x26c
     [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8
     [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8
     [<0041e5f0>] memset+0x0/0x8c
     [<005f67c0>] io_uring_init+0x54/0xd2

The minimal alignment of an integral type may differ from its size,
hence is not safe to assume that an arbitrary freeptr_t (which is
basically an unsigned long) is always aligned to 4 or 8 bytes.

As nothing seems to require the additional alignment, it is safe to fix
this by relaxing the check to the actual minimum alignment of freeptr_t.

The Linux kernel CVE team has assigned CVE-2024-56560 to this issue.


Affected and fixed versions
===========================

    Issue introduced in 6.12 with commit d345bd2e9834e2da505977e154a1c179c793b7b2 and fixed in 6.12.4 with commit 8b5aea5e5186733fa4e5aa4293b0a65a933f1a16
    Issue introduced in 6.12 with commit d345bd2e9834e2da505977e154a1c179c793b7b2 and fixed in 6.13-rc1 with commit 9008fe8fad8255edfdbecea32d7eb0485d939d0d

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
    https://cve.org/CVERecord/?id=CVE-2024-56560
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
    mm/slab_common.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
    https://git.kernel.org/stable/c/8b5aea5e5186733fa4e5aa4293b0a65a933f1a16
    https://git.kernel.org/stable/c/9008fe8fad8255edfdbecea32d7eb0485d939d0d
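
The size-versus-alignment distinction in the description above, as an added example that is not part of the announcement or of the kernel source. It models only the alignment term of the check: `demo_obj`, `check_strict` and `check_relaxed` are hypothetical names, and the 2-byte-aligned typedef is an assumption used to reproduce the m68k layout on any GCC or Clang host.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same meaning as the kernel's IS_ALIGNED(): x is a multiple of the
 * power-of-two a. */
#define IS_ALIGNED(x, a) (((x) & ((a) - 1)) == 0)

/* Model of unsigned long on m68k: 4 bytes wide, but only 2-byte aligned.
 * GCC and Clang let a typedef lower a type's alignment this way. */
typedef uint32_t freeptr_t __attribute__((aligned(2)));

/* Hypothetical slab object; the compiler places the free pointer at
 * offset 2, which is legal for a type whose minimum alignment is 2. */
struct demo_obj {
    uint16_t  flags;
    freeptr_t free;
    uint16_t  tail;
};

/* Too-strict form: the offset must be a multiple of the type's size. */
static int check_strict(size_t freeptr_offset)
{
    return IS_ALIGNED(freeptr_offset, sizeof(freeptr_t)) ? 0 : -EINVAL;
}

/* Relaxed form: the offset only has to satisfy the type's real minimum
 * alignment, which is all the compiler guarantees for a struct member. */
static int check_relaxed(size_t freeptr_offset)
{
    return IS_ALIGNED(freeptr_offset, __alignof__(freeptr_t)) ? 0 : -EINVAL;
}

int main(void)
{
    size_t off = offsetof(struct demo_obj, free);

    printf("sizeof=%zu alignof=%zu offset=%zu\n",
           sizeof(freeptr_t), (size_t)__alignof__(freeptr_t), off);
    printf("strict check:  %d\n", check_strict(off));   /* -EINVAL */
    printf("relaxed check: %d\n", check_relaxed(off));  /* 0 */
    return 0;
}
```

On Linux, -EINVAL is -22, the error code shown in the panic message.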