DEBIAN-CVE-2024-46847

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmapblock is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purgefragmentedblock") extended the 'vmapblock' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmapblock' is being instantiated by newvmapblock(), the partially initialised structure is added to the local 'vmapblockqueue' xarray before the 'cpu' field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vmunmapaliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index. This has been observed as UBSAN errors in Android: | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP | | Call trace: | purgefragmentedblock+0x204/0x21c | _vmunmapaliases+0x170/0x378 | vmunmapaliases+0x1c/0x28 | changememorycommon+0x1dc/0x26c | setmemoryro+0x18/0x24 | moduleenablero+0x98/0x238 | doinitmodule+0x1b0/0x310 Move the initialisation of 'vb->cpu' in newvmap_block() ahead of the addition to the xarray.