• Advisory ID (KylinSec-SA-2024-2540)

Summary:

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Severity: Low

Advisory ID: KylinSec-SA-2024-2540

Release date: June 1, 2024

Related CVE: CVE-2024-36891

  • Details

1. Vulnerability description

   

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.
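The ordering problem described above, as an added example that is not code from this advisory or from the Linux kernel: a simplified user-space C model of the before and after call order. Every `model_*` and `area_rev_*` name is hypothetical, only the empty-tree case is modeled, and the stand-in for mas_data_end() reports a NULL node instead of dereferencing it so both orderings can be compared safely.

```c
#include <stddef.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
enum model_status { MODEL_START, MODEL_ACTIVE, MODEL_NONE };
enum model_result { MODEL_OK, MODEL_EMPTY_PATH, MODEL_NULL_DEREF };
struct model_node { unsigned char data_end; };   /* index of last used slot */
struct model_state {
    struct model_node *root, *node;              /* root == NULL: empty tree */
    enum model_status status;
    unsigned char offset;
};

/* Stand-in for mas_start(): on an empty tree it returns with node == NULL. */
static void model_start(struct model_state *s)
{
    s->node = s->root;
    s->status = s->node ? MODEL_ACTIVE : MODEL_NONE;
}

/* Stand-in for mas_data_end(): reads the node. Returns -1 where the real
 * read of a NULL node would fault (assumption made so the model is safe). */
static int model_data_end(const struct model_node *n, unsigned char *out)
{
    if (n == NULL)
        return -1;
    *out = n->data_end;
    return 0;
}

/* Before the fix: the offset is set immediately after starting the walk. */
static enum model_result area_rev_before(struct model_state *s)
{
    if (s->status == MODEL_START) {
        model_start(s);
        if (model_data_end(s->node, &s->offset) != 0)
            return MODEL_NULL_DEREF;             /* node read before the check */
    }
    return s->status == MODEL_NONE ? MODEL_EMPTY_PATH : MODEL_OK;
}

/* After the fix: the empty state is checked first, then the offset is set. */
static enum model_result area_rev_after(struct model_state *s)
{
    int fresh = (s->status == MODEL_START);
    if (fresh)
        model_start(s);
    if (s->status == MODEL_NONE)
        return MODEL_EMPTY_PATH;                 /* no node, so no offset */
    if (fresh && model_data_end(s->node, &s->offset) != 0)
        return MODEL_NULL_DEREF;
    return MODEL_OK;
}

int main(void)
{
    struct model_state a = { NULL, NULL, MODEL_START, 0 }, b = a;
    return !(area_rev_before(&a) == MODEL_NULL_DEREF &&
             area_rev_after(&b) == MODEL_EMPTY_PATH);
}
```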

2. Affected scope

CVE Product Component Affected
CVE-2024-36891 KY3.4-4A kernel Unaffected
CVE-2024-36891 KY3.4-5A kernel Unaffected
CVE-2024-36891 KY3.5.1 kernel Unaffected
CVE-2024-36891 KY3.5.2 kernel Unaffected
CVE-2024-36891 V6 kernel Unaffected

3. Affected components

    None

4. Fixed versions

    None

5. Remediation

   None

6. Download links

    None