Summary:
In the Linux kernel, the following vulnerability has been resolved:

mm: list_lru: fix UAF for memory cgroup

The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock.

Found by code inspection.

[songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil]
Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com

Severity: Low
Advisory ID: KylinSec-SA-2024-3618
Release date: September 3, 2024
Related CVE: CVE-2024-43888
CVE | Product | Component | Affected |
---|---|---|---|
CVE-2024-43888 | KY3.4-5A | kernel | Unaffected |
CVE-2024-43888 | KY3.5.2 | kernel | Unaffected |
CVE-2024-43888 | V6 | kernel | Unaffected |