In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in get_free_elt()
"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.
Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (max_elts) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map->max_size" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
__tracing_map_insert(), it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.
Fix this by preventing any further increments to "tracing_map->next_elt" once it reaches "tracing_map->max_elt".
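
The counter behaviour described above, as an added user-space model (not the kernel's code): an allocation counter that is incremented on every attempt wraps past INT_MAX and starts granting slots again, while a saturating counter stops at the limit. The struct, the function names and MAX_ELTS are hypothetical, and the starting value near INT_MAX is constructed to stand in for a long run of refused attempts.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_ELTS 4 /* constructed limit standing in for max_elts */
struct map_model {           /* hypothetical model, not the kernel struct */
    atomic_int next_elt;     /* models tracing_map->next_elt */
    int max_elts;
};
typedef bool (*claim_fn)(struct map_model *);

/* Unbounded: every call increments, including calls that are refused. */
static bool claim_unbounded(struct map_model *m)
{
    int idx = atomic_fetch_add(&m->next_elt, 1); /* wraps at INT_MAX */
    return idx < m->max_elts;                    /* a negative idx passes */
}

/* Saturating: the counter stops moving once it equals max_elts. */
static bool claim_saturating(struct map_model *m)
{
    int idx = atomic_load(&m->next_elt);
    while (idx < m->max_elts)
        if (atomic_compare_exchange_weak(&m->next_elt, &idx, idx + 1))
            return true;
    return false;
}

/* Make `attempts` claims starting from counter value `start`. */
static int run(claim_fn claim, int start, int attempts, int *final)
{
    struct map_model m = { .max_elts = MAX_ELTS };
    int granted = 0;
    atomic_init(&m.next_elt, start);
    for (int i = 0; i < attempts; i++)
        granted += claim(&m);
    *final = atomic_load(&m.next_elt);
    return granted;
}

int main(void)
{
    int f, g = run(claim_unbounded, INT_MAX - 1, 5, &f);
    printf("unbounded: granted=%d next_elt=%d\n", g, f);
    g = run(claim_saturating, 0, 10, &f);
    printf("saturating: granted=%d next_elt=%d\n", g, f);
}
```

In the unbounded run the first two claims are refused and the next three are granted after the wrap, which is how more than max_elts elements end up in the map.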