In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in getfreeelt()
"tracingmap->nextelt" in getfreeelt() is at risk of overflowing.
Once it overflows, new elements can still be inserted into the tracingmap
even though the maximum number of elements (max_elts
) has been reached.
Continuing to insert elements after the overflow could result in the
tracingmap containing "tracingmap->maxsize" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
__tracing_map_insert()
, it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.
Fix this by preventing any further increments to "tracingmap->nextelt" once it reaches "tracingmap->maxelt".
[ { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-110cbce0", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-222fa913", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-308235cb", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@236bb4690773ab6869b40bedc7bc8d889e36f9d6", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-3220580e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@788ea62499b3c18541fd6d621964d8fafbc4aec5", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-3726f120", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@236bb4690773ab6869b40bedc7bc8d889e36f9d6", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-3e065bff", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@788ea62499b3c18541fd6d621964d8fafbc4aec5", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-403b3b0a", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@302ceb625d7b990db205a15e371f9a71238de91c", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-41ff772f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-45f1b48f", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-5087421a", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@788ea62499b3c18541fd6d621964d8fafbc4aec5", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-53c8ef61", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd10d186a5409a1fe6e976df82858e9773a698da", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-58b52921", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcf86c01ca4676316557dd482c8416ece8c2e143", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-5af6c29d", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@302ceb625d7b990db205a15e371f9a71238de91c", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-6eb7aa03", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd10d186a5409a1fe6e976df82858e9773a698da", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-76d12144", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-79f39f59", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-79fffade", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcf86c01ca4676316557dd482c8416ece8c2e143", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-7a7c69e6", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@302ceb625d7b990db205a15e371f9a71238de91c", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-7b3860bb", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3e4dbc2858fe85d1dbd2e72a9fc5dea988b5c18", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-817799fc", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-9a80bd02", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-aa2a98fb", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@788ea62499b3c18541fd6d621964d8fafbc4aec5", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-aa4f088e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd10d186a5409a1fe6e976df82858e9773a698da", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-bfcc932e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcf86c01ca4676316557dd482c8416ece8c2e143", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "60265971941468451197330003736567734191", "16750858680478093528959588101768850270", "153094810224508591374728573505779298898", "132591705157167692984735385100471125221", "3726657577144973735558827148511552165", "148519342382636433230467127627233855639", "87070595328253521423804645205274535680", "111327423997047140294000729117550356219", "324701936924706009917673289873034715989", "82589464972741139514937087127833255403", "224354977955266306281247747366259671872", "130895738836207844443664153676864703281" ] }, "id": "CVE-2024-43890-c49c1731", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@302ceb625d7b990db205a15e371f9a71238de91c", "target": { "file": "kernel/trace/tracing_map.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-c5ed3f23", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-c97a43c1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb223bf01e688dfe37e813c8988ee11c8c9f8d0a", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-c9b94158", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcf86c01ca4676316557dd482c8416ece8c2e143", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "282590202161170528052225902339301786827", "length": 297.0 }, "id": "CVE-2024-43890-e4b34c19", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a172c7b22bc2feaf489cfc6d6865f7237134fdf8", "target": { "file": "kernel/trace/tracing_map.c", "function": "get_free_elt" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-f2695deb", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@236bb4690773ab6869b40bedc7bc8d889e36f9d6", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "284320497861024218431405853172161786731", "length": 810.0 }, "id": "CVE-2024-43890-f66da337", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@236bb4690773ab6869b40bedc7bc8d889e36f9d6", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_create" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "function_hash": "250422965323846774689481968404489759493", "length": 304.0 }, "id": "CVE-2024-43890-ff0e4619", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd10d186a5409a1fe6e976df82858e9773a698da", "target": { "file": "kernel/trace/tracing_map.c", "function": "tracing_map_clear" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false } ]