CVE-2024-57930
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57930
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57930.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-57930
- Downstream
- Related
- Published
- 2025-01-21T12:15:26Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have process_string() also allow arrays
In order to catch a common bug where a TRACEEVENT() TPfastassign() assigns an address of an allocated string to the ring buffer and then references it in TPprintk(), which can be executed hours later when the string is free, the function testeventprintk() runs on all events as they are registered to make sure there's no unwanted dereferencing.
It calls processstring() to handle cases in TPprintk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives.
For instance, xebomove() has:
TPprintk("movelackssource:%s, migrate object %p [size %zu] from %s to %s deviceid:%s", entry->movelackssource ? "yes" : "no", _entry->bo, _entry->size, xememtypetoname[entry->oldplacement], xememtypetoname[entry->newplacement], _getstr(device_id))
Where the "%s" references into xememtypetoname[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe.
- References
-
- https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571
- https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7
- https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f
- https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b
- https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8