CVE-2024-53097
Vulnerability Scoring
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: LOCAL
- Privileges Required: Low Impact
- Scope: UNCHANGED
- User Interaction: NONE
CIA Impact Definition
- Confidentiality:
- Integrity:
- Availability: HIGH IMPACT
CVE-2024-53097 Vulnerability Summary
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a slab-out-of-bounds error. The problem occurs when zeroing out spare memory in __do_krealloc. The original code only considered software-based KASAN and did not account for MTE. It does not reset the KASAN tag before calling memset, leading to a mismatch between the pointer tag and the memory tag, resulting in a false positive. Example of the error: ================================================================== swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188 swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1 swapper/0: Pointer tag: [f4], memory tag: [fe] swapper/0: swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12. swapper/0: Hardware name: MT6991(ENG) (DT) swapper/0: Call trace: swapper/0: dump_backtrace+0xfc/0x17c swapper/0: show_stack+0x18/0x28 swapper/0: dump_stack_lvl+0x40/0xa0 swapper/0: print_report+0x1b8/0x71c swapper/0: kasan_report+0xec/0x14c swapper/0: __do_kernel_fault+0x60/0x29c swapper/0: do_bad_area+0x30/0xdc swapper/0: do_tag_check_fault+0x20/0x34 swapper/0: do_mem_abort+0x58/0x104 swapper/0: el1_abort+0x3c/0x5c swapper/0: el1h_64_sync_handler+0x80/0xcc swapper/0: el1h_64_sync+0x68/0x6c swapper/0: __memset+0x84/0x188 swapper/0: btf_populate_kfunc_set+0x280/0x3d8 swapper/0: __register_btf_kfunc_id_set+0x43c/0x468 swapper/0: register_btf_kfunc_id_set+0x48/0x60 swapper/0: register_nf_nat_bpf+0x1c/0x40 swapper/0: nf_nat_init+0xc0/0x128 swapper/0: do_one_initcall+0x184/0x464 swapper/0: do_initcall_level+0xdc/0x1b0 swapper/0: do_initcalls+0x70/0xc0 swapper/0: do_basic_setup+0x1c/0x28 swapper/0: kernel_init_freeable+0x144/0x1b8 swapper/0: kernel_init+0x20/0x1a8 swapper/0: ret_from_fork+0x10/0x20 ==================================================================
Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.
Access Complexity Graph for CVE-2024-53097
Impact Analysis for CVE-2024-53097
CVE-2024-53097: Detailed Information and External References
EPSS
0.00042
EPSS %
0.04978
References
0.00042
- https://git.kernel.org/stable/c/3dfb40da84f26dd35dd9bbaf626a2424565b8406
- https://git.kernel.org/stable/c/486aeb5f1855c75dd810c25036134961bd2a6722
- https://git.kernel.org/stable/c/704573851b51808b45dae2d62059d1d8189138a2
- https://git.kernel.org/stable/c/71548fada7ee0eb50cc6ccda82dff010c745f92c
- https://git.kernel.org/stable/c/8ebee7565effdeae6085458f8f8463363120a871
- https://git.kernel.org/stable/c/d02492863023431c31f85d570f718433c22b9311
- https://git.kernel.org/stable/c/d43f1430d47c22a0727c05b6f156ed25fecdfeb4
CWE
NVD-CWE-noinfo
Vulnerable Configurations
-
cpe:2.3:o:linux:linux_kernel:5.10.227:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.227:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:5.10.229:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.10.229:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:5.15.168:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.168:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:5.15.170:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.170:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:5.15.171:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.171:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:5.15.172:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15.172:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.1.113:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.113:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.1.114:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.114:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.1.115:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.115:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.1.116:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.116:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.1.117:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.117:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.55:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.55:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.56:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.56:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.57:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.57:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.58:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.58:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.59:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.59:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.60:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.60:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.6.61:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.61:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.3:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.4:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.5:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.6:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.7:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.11.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11.8:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:6.10.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10.14:*:*:*:*:*:*:*
CVSS3 Source
nvd@nist.gov
CVSS3 Type
Primary
CVSS3 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.