CVE-2021-47640

CVE-2021-47640

Título es
CVE-2021-47640

Mié, 26/02/2025 – 06:37

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2021-47640

Descripción en
In the Linux kernel, the following vulnerability has been resolved:

powerpc/kasan: Fix early region not updated correctly

The shadow's page table is not updated when PTE_RPN_SHIFT is 24
and PAGE_SHIFT is 12. It not only causes false positives but
also false negative as shown the following text.

Fix it by bringing the logic of kasan_early_shadow_page_entry here.

1. False Positive:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in pcpu_alloc+0x508/0xa50
Write of size 16 at addr f57f3be0 by task swapper/0/1

CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-12267-gdebe436e77c7 #1
Call Trace:
[c80d1c20] [c07fe7b8] dump_stack_lvl+0x4c/0x6c (unreliable)
[c80d1c40] [c02ff668] print_address_description.constprop.0+0x88/0x300
[c80d1c70] [c02ff45c] kasan_report+0x1ec/0x200
[c80d1cb0] [c0300b20] kasan_check_range+0x160/0x2f0
[c80d1cc0] [c03018a4] memset+0x34/0x90
[c80d1ce0] [c0280108] pcpu_alloc+0x508/0xa50
[c80d1d40] [c02fd7bc] __kmem_cache_create+0xfc/0x570
[c80d1d70] [c0283d64] kmem_cache_create_usercopy+0x274/0x3e0
[c80d1db0] [c2036580] init_sd+0xc4/0x1d0
[c80d1de0] [c00044a0] do_one_initcall+0xc0/0x33c
[c80d1eb0] [c2001624] kernel_init_freeable+0x2c8/0x384
[c80d1ef0] [c0004b14] kernel_init+0x24/0x170
[c80d1f10] [c001b26c] ret_from_kernel_thread+0x5c/0x64

Memory state around the buggy address:
f57f3a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f57f3b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>f57f3b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
^
f57f3c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
f57f3c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

2. False Negative (with KASAN tests):
==================================================================
Before fix:
ok 45 – kmalloc_double_kzfree
# vmalloc_oob: EXPECTATION FAILED at lib/test_kasan.c:1039
KASAN failure expected in "((volatile char *)area)[3100]", but none occurred
not ok 46 – vmalloc_oob
not ok 1 – kasan

==================================================================
After fix:
ok 1 – kasan

26/02/2025

26/02/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias


  • https://git.kernel.org/stable/c/5a3d8f3192a409893c57808cc935e16484df1068

  • https://git.kernel.org/stable/c/7f19245c3647afea8c7c41f795506ef70f64b9f2

  • https://git.kernel.org/stable/c/dd75080aa8409ce10d50fb58981c6b59bf8707d3

  • https://git.kernel.org/stable/c/de56beace6648065d404cd9835aa7d30e3df519d

  • https://git.kernel.org/stable/c/e3d157a4b4f4e0268c98be5b7013bf4b31234bb6

  • https://git.kernel.org/stable/c/f39a3309393a4a484532f6ba745c6acbcfe06115

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas