CVE-2024-57994

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57994
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57994.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57994
Downstream
Related
Published
2025-02-27T02:07:15Z
Modified
2025-10-17T14:36:33.238445Z
Summary
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Details

In the Linux kernel, the following vulnerability has been resolved:

ptrring: do not block hard interrupts in ptrringresizemultiple()

Jakub added a lockdepassertnohardirq() check in _pagepoolput_page() to increase test coverage.

syzbot found a splat caused by hard irq blocking in ptrringresize_multiple() [1]

As current users of ptrringresize_multiple() do not require hard irqs being masked, replace it to only block BH.

Rename helpers to better reflect they are safe against BH only.

  • ptrringresizemultiple() to ptrringresizemultiple_bh()
  • skbarrayresizemultiple() to skbarrayresizemultiple_bh()

[1]

WARNING: CPU: 1 PID: 9150 at net/core/pagepool.c:709 pagepoolputpage net/core/pagepool.c:709 [inline] WARNING: CPU: 1 PID: 9150 at net/core/pagepool.c:709 pagepoolputunrefednetmem+0x157/0xa40 net/core/pagepool.c:780 Modules linked in: CPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:pagepoolputpage net/core/pagepool.c:709 [inline] RIP: 0010:pagepoolputunrefednetmem+0x157/0xa40 net/core/pagepool.c:780 Code: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 <0f> 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85 RSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083 RAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000 RDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843 RBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d R10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040 R13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff FS: 00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> tunptrfree drivers/net/tun.c:617 [inline] _ptrringswapqueue include/linux/ptrring.h:571 [inline] ptrringresizemultiplenoprof include/linux/ptrring.h:643 [inline] tunqueueresize drivers/net/tun.c:3694 [inline] tundeviceevent+0xaaf/0x1080 drivers/net/tun.c:3714 notifiercallchain+0x19f/0x3e0 kernel/notifier.c:93 callnetdevicenotifiersextack net/core/dev.c:2032 [inline] callnetdevicenotifiers net/core/dev.c:2046 [inline] devchangetxqueuelen+0x158/0x2a0 net/core/dev.c:9024 dosetlink+0xff6/0x41f0 net/core/rtnetlink.c:2923 rtnlsetlink+0x40d/0x5a0 net/core/rtnetlink.c:3201 rtnetlinkrcvmsg+0x73f/0xcf0 net/core/rtnetlink.c:6647 netlinkrcvskb+0x1e3/0x430 net/netlink/afnetlink.c:2550

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff4e538c8c3e675a15e1e49509c55951832e0451
Fixed
3257dac521d0ac6653108c755141dce634bb8ff2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff4e538c8c3e675a15e1e49509c55951832e0451
Fixed
e74801b7628dc52b17471aec729bc675479ddc73
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff4e538c8c3e675a15e1e49509c55951832e0451
Fixed
a126061c80d5efb4baef4bcf346094139cd81df6

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.5
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.12.13
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.2