CVE-2024-56617
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56617
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56617.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56617
- Downstream
- Related
- Published
- 2024-12-27T14:51:21Z
- Modified
- 2025-10-14T16:32:06.806097Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
Commit
5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU")
adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit
6539cffa9495 ("cacheinfo: Add arch specific early level initializer")
lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed.
If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, lastlevelcacheisvalid() attempts to dereference a NULL pointer:
BUG: kernel NULL pointer dereference, address: 0000000000000100 #PF: supervisor read access in kernel mode #PF: errorcode(0x0000) - not present page PGD 0 P4D 0 Oops: 0000 [#1] PREEPMT SMP NOPTI CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1 RIP: 0010: lastlevelcacheis_valid+0x95/0xe0a
Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier.
Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cacheleaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cacheleaves() before allocation.
Dereferencing NULL cacheinfo can occur in updatepercpudataslice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet.
While here, remove an unnecessary indentation in allocatecacheinfo().
[ bp: Massage. ]
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6539cffa94957241c096099a57d05fa4d8c7db8aFixed23b5908b11b77ff8d7b8f7b8f11cbab2e1f4bfc2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6539cffa94957241c096099a57d05fa4d8c7db8aFixed95e197354e0de07e9a20819bdae6562e4dda0f20
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6539cffa94957241c096099a57d05fa4d8c7db8aFixedb3fce429a1e030b50c1c91351d69b8667eef627b
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.13-rc1
v6.3
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "last_level_cache_is_valid"
},
"signature_version": "v1",
"digest": {
"length": 217.0,
"function_hash": "254494404070698529731100894528633047748"
},
"id": "CVE-2024-56617-611dd6b1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e197354e0de07e9a20819bdae6562e4dda0f20",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "last_level_cache_is_valid"
},
"signature_version": "v1",
"digest": {
"length": 217.0,
"function_hash": "254494404070698529731100894528633047748"
},
"id": "CVE-2024-56617-657afb76",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23b5908b11b77ff8d7b8f7b8f11cbab2e1f4bfc2",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"206056683038495248641740955711231367818",
"278706966535777486243305522684589301039",
"215602020694942433448345659952701461741",
"244772622452842819455989500952081962480",
"136588103597680078420040511104528741273",
"87242218140018039855471531068032905981",
"80033160098779488451103565890608872452",
"158143331698398978835249065351319147783",
"292240371913035193726814285184688832293",
"132002206309261859786008199506134858944",
"256868264537641427117292519826247049193",
"268591840201349485866138287021898563372",
"262289705015503501593669534872264462745",
"132568449398166482706017568011055054555",
"252959059234042356515741886608321665830",
"27551770453365559445490173446184370288"
]
},
"id": "CVE-2024-56617-87e5485d",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23b5908b11b77ff8d7b8f7b8f11cbab2e1f4bfc2",
"signature_type": "Line"
},
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "init_level_allocate_ci"
},
"signature_version": "v1",
"digest": {
"length": 401.0,
"function_hash": "296351889982338542827032858421931855696"
},
"id": "CVE-2024-56617-a195b2ba",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@23b5908b11b77ff8d7b8f7b8f11cbab2e1f4bfc2",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "last_level_cache_is_valid"
},
"signature_version": "v1",
"digest": {
"length": 217.0,
"function_hash": "254494404070698529731100894528633047748"
},
"id": "CVE-2024-56617-a41a87d9",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3fce429a1e030b50c1c91351d69b8667eef627b",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "init_level_allocate_ci"
},
"signature_version": "v1",
"digest": {
"length": 401.0,
"function_hash": "296351889982338542827032858421931855696"
},
"id": "CVE-2024-56617-b1b24d16",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3fce429a1e030b50c1c91351d69b8667eef627b",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"206056683038495248641740955711231367818",
"278706966535777486243305522684589301039",
"215602020694942433448345659952701461741",
"244772622452842819455989500952081962480",
"136588103597680078420040511104528741273",
"87242218140018039855471531068032905981",
"80033160098779488451103565890608872452",
"158143331698398978835249065351319147783",
"292240371913035193726814285184688832293",
"132002206309261859786008199506134858944",
"256868264537641427117292519826247049193",
"268591840201349485866138287021898563372",
"262289705015503501593669534872264462745",
"132568449398166482706017568011055054555",
"252959059234042356515741886608321665830",
"27551770453365559445490173446184370288"
]
},
"id": "CVE-2024-56617-dd34f356",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b3fce429a1e030b50c1c91351d69b8667eef627b",
"signature_type": "Line"
},
{
"target": {
"file": "drivers/base/cacheinfo.c",
"function": "init_level_allocate_ci"
},
"signature_version": "v1",
"digest": {
"length": 401.0,
"function_hash": "296351889982338542827032858421931855696"
},
"id": "CVE-2024-56617-e2ac3402",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e197354e0de07e9a20819bdae6562e4dda0f20",
"signature_type": "Function"
},
{
"target": {
"file": "drivers/base/cacheinfo.c"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"206056683038495248641740955711231367818",
"278706966535777486243305522684589301039",
"215602020694942433448345659952701461741",
"244772622452842819455989500952081962480",
"136588103597680078420040511104528741273",
"87242218140018039855471531068032905981",
"80033160098779488451103565890608872452",
"158143331698398978835249065351319147783",
"292240371913035193726814285184688832293",
"132002206309261859786008199506134858944",
"256868264537641427117292519826247049193",
"268591840201349485866138287021898563372",
"262289705015503501593669534872264462745",
"132568449398166482706017568011055054555",
"252959059234042356515741886608321665830",
"27551770453365559445490173446184370288"
]
},
"id": "CVE-2024-56617-e3a9d88c",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95e197354e0de07e9a20819bdae6562e4dda0f20",
"signature_type": "Line"
}
]
}