5.5

CVE-2024-56584

io_uring/tctx: work around xa_store() allocation error issue

In the Linux kernel, the following vulnerability has been resolved:

io_uring/tctx: work around xa_store() allocation error issue

syzbot triggered the following WARN_ON:

WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51

which is the

WARN_ON_ONCE(!xa_empty(&tctx->xa));

sanity check in __io_uring_free() when a io_uring_task is going through
its final put. The syzbot test case includes injecting memory allocation
failures, and it very much looks like xa_store() can fail one of its
memory allocations and end up with ->head being non-NULL even though no
entries exist in the xarray.

Until this issue gets sorted out, work around it by attempting to
iterate entries in our xarray, and WARN_ON_ONCE() if one is found.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 6.1.120
LinuxLinux Kernel Version >= 6.2 < 6.6.66
LinuxLinux Kernel Version >= 6.7 < 6.12.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://git.kernel.org/stable/c/42882b583095dcf747da6e3af1daeff40e27033e
Patch
https://git.kernel.org/stable/c/7eb75ce7527129d7f1fee6951566af409a37a1c4
Patch
https://git.kernel.org/stable/c/94ad56f61b873ffeebcc620d451eacfbdf9d40f0
Patch
https://git.kernel.org/stable/c/d5b2ddf1f90c7248eff9630b95895c8950f2f36d
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://git.kernel.org/stable/c/3a84fa784710990964c1e35df743851ab2863898
https://git.kernel.org/stable/c/e05c070b401f6365c503e2b59f091331965c4fb9