Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42838.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-42838
Upstream
Published
2024-06-21T12:15:11Z
Modified
2026-04-01T05:14:51.836034Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CVE-2024-39277 affecting package kernel for versions less than 6.6.35.1-4
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report:

UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28
index -1 is out of range for type 'cpumask [64][1]'
CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
 <TASK>
dump_stack_lvl (lib/dump_stack.c:117)
ubsan_epilogue (lib/ubsan.c:232)
__ubsan_handle_out_of_bounds (lib/ubsan.c:429)
cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]
do_map_benchmark (kernel/dma/map_benchmark.c:104)
map_benchmark_ioctl (kernel/dma/map_benchmark.c:246)
full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
__x64_sys_ioctl (fs/ioctl.c:890)
do_syscall_64 (arch/x86/entry/common.c:83)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Use cpumask_of_node() in place when binding a kernel thread to a cpuset of a particular node.

Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a NUMA_NO_NODE case which is not handled properly later.

Found by Linux Verification Center (linuxtesting.org).

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.35.1-4

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42838.json"