Published: June 1, 2024
Modified: April 13, 2025
In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Metric | NVD | openEuler |
---|---|---|
Confidentiality | None | None |
Attack Vector | Local | Local |
CVSS Score | 5.5 | 5.5 |
Attack Complexity | Low | Low |
Privileges Required | Low | Low |
Scope | Unchanged | Unchanged |
Integrity | None | None |
User Interaction | None | None |
Availability | High | High |

Advisory | Summary | Published |
---|---|---|
KylinSec-SA-2024-2540 | In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference. Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. | June 1, 2024 |

Product | Package | Status |
---|---|---|
KY3.4-4A | kernel | Unaffected |
KY3.4-5A | kernel | Unaffected |
KY3.5.1 | kernel | Unaffected |
KY3.5.2 | kernel | Unaffected |
V6 | kernel | Unaffected |