一、 漏洞 CVE-2024-26674 基础信息
漏洞标题
没有
来源:AIGC 神龙大模型
漏洞描述信息
在 Linux 内核中,已解决以下漏洞: x86/lib:对于 {get,put}_user() 修复程序,回滚到 _ASM_EXTABLE_UA() 在针对内核 v6.4 及更高版本进行内存错误注入测试时,内核会像下面这样崩溃。但是,在 v6.3 及更早版本的内核中无法重现此问题。 mce: [Hardware Error]: CPU 296: Machine Check Exception: f Bank 1: bd80000000100134 mce: [Hardware Error]: RIP 10:<ffffffff821b9776> {__get_user_nocheck_4+0x6/0x20} mce: [Hardware Error]: TSC 411a93533ed ADDR 346a8730040 MISC 86 mce: [Hardware Error]: PROCESSOR 0:a06d0 TIME 1706000767 SOCKET 1 APIC 211 microcode 80001490 mce: [Hardware Error]: Run the above through 'mcelog --ascii' mce: [Hardware Error]: Machine check: Data load in unrecoverable area of kernel Kernel panic - not syncing: Fatal local machine check 如果修复类型为 EX_TYPE_UACCESS,MCA 代码可以从内核中的 #MC 中恢复,明确表示内核正在尝试访问用户空间内存。但是,如果修复类型为 EX_TYPE_DEFAULT,则对于内核中的 #MC 只会引发恐慌。 ex_handler_uaccess() 会在 {get, put}_user() 接收非规范地址(第 63 位清除)时发出警告,这是出乎意料的。 因此,提交 b19b74bc99b1 ("x86/mm: Rework address range check in get_user() and put_user()") 将 {get, put}_user() 的修复程序从 _ASM_EXTABLE_UA() 替换为 _ASM_EXTABLE()。但是,新的修复类型 EX_TYPE_DEFAULT 导致了恐慌。 提交 6014bc27561f ("x86-64: make access_ok() independent of LAM") 在 ex_handler_uaccess() 中的 WARN_ONCE() 之前添加了 gp_fault_address_ok() 检查,以避免由于 LAM 而警告非规范用户地址。 有了这个检查,将 {get,put}_user() 异常修复程序恢复到 _ASM_EXTABLE_UA(),以便正确再次处理内核 MCE。 [ bp: 修改提交信息。 ]
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
来源:AIGC 神龙大模型
漏洞类别
对异常条件的处理不恰当
来源:AIGC 神龙大模型
漏洞标题
x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel panics like below. However, this issue couldn't be reproduced on kernels <= v6.3. mce: [Hardware Error]: CPU 296: Machine Check Exception: f Bank 1: bd80000000100134 mce: [Hardware Error]: RIP 10:<ffffffff821b9776> {__get_user_nocheck_4+0x6/0x20} mce: [Hardware Error]: TSC 411a93533ed ADDR 346a8730040 MISC 86 mce: [Hardware Error]: PROCESSOR 0:a06d0 TIME 1706000767 SOCKET 1 APIC 211 microcode 80001490 mce: [Hardware Error]: Run the above through 'mcelog --ascii' mce: [Hardware Error]: Machine check: Data load in unrecoverable area of kernel Kernel panic - not syncing: Fatal local machine check The MCA code can recover from an in-kernel #MC if the fixup type is EX_TYPE_UACCESS, explicitly indicating that the kernel is attempting to access userspace memory. However, if the fixup type is EX_TYPE_DEFAULT the only thing that is raised for an in-kernel #MC is a panic. ex_handler_uaccess() would warn if users gave a non-canonical addresses (with bit 63 clear) to {get, put}_user(), which was unexpected. Therefore, commit b19b74bc99b1 ("x86/mm: Rework address range check in get_user() and put_user()") replaced _ASM_EXTABLE_UA() with _ASM_EXTABLE() for {get, put}_user() fixups. However, the new fixup type EX_TYPE_DEFAULT results in a panic. Commit 6014bc27561f ("x86-64: make access_ok() independent of LAM") added the check gp_fault_address_ok() right before the WARN_ONCE() in ex_handler_uaccess() to not warn about non-canonical user addresses due to LAM. With that in place, revert back to _ASM_EXTABLE_UA() for {get,put}_user() exception fixups in order to be able to handle in-kernel MCEs correctly again. [ bp: Massage commit message. ]
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于 _ASM_EXTABLE_UA 存在安全漏洞。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-26674 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2024-26674 的情报信息