CVE-2024-39277

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39277
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39277.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39277
Downstream
Related
Published
2024-06-21T12:15:11Z
Modified
2025-08-09T20:01:28Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: handle NUMANONODE correctly

cpumaskofnode() can be called for NUMANONODE inside domapbenchmark() resulting in the following sanitizer report:

UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' CPU: 1 PID: 990 Comm: dmamapbenchma Not tainted 6.9.0-rc6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dumpstacklvl (lib/dumpstack.c:117) ubsanepilogue (lib/ubsan.c:232) _ubsanhandleoutofbounds (lib/ubsan.c:429) cpumaskofnode (arch/x86/include/asm/topology.h:72) [inline] domapbenchmark (kernel/dma/mapbenchmark.c:104) mapbenchmarkioctl (kernel/dma/mapbenchmark.c:246) fullproxyunlockedioctl (fs/debugfs/file.c:333) _x64sysioctl (fs/ioctl.c:890) dosyscall64 (arch/x86/entry/common.c:83) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:130)

Use cpumaskofnode() in place when binding a kernel thread to a cpuset of a particular node.

Note that the provided node id is checked inside mapbenchmarkioctl(). It's just a NUMANONODE case which is not handled properly later.

Found by Linux Verification Center (linuxtesting.org).

References

Affected packages