1. CVE-2024-47674 basic information
Vulnerability title
Linux kernel improper release of pfn mappings vulnerability
Source: AIGC 神龙大模型
Vulnerability description
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case. As Jann points out, PFN mappings are special because, unlike normal memory mappings, the mapping itself carries no lifetime information: it is just a raw mapping of PFNs with no reference counting of a 'struct page'. This is entirely intentional, but it does mean that the cleanup in error cases is easy to get wrong. Yes, a failed mmap() will eventually clean up any partial mapping, but because the page table mapping itself has no explicit lifetime, it is very easy to do the error handling in the wrong order. In particular, it is easy to mistakenly free the physical backing store first and clean up the page tables afterwards, temporarily leaving stale dangling PTE entries. To make this less error-prone, make sure that any partial pfn mapping is torn down early, before any other error handling is done.
Source: AIGC 神龙大模型
CVSS information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Source: AIGC 神龙大模型
Vulnerability category
Improper Resource Shutdown or Release
Source: AIGC 神龙大模型
Vulnerability title
mm: avoid leaving partial pfn mappings around in error case
Source: US National Vulnerability Database (NVD)
Vulnerability description
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it's very easy to do the error handling in the wrong order. In particular, it's easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling.
Source: US National Vulnerability Database (NVD)
CVSS information
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: US National Vulnerability Database (NVD)
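The ordering problem the commit message describes can be shown without a kernel. The userspace model below is an added illustration, not code from the Linux kernel or from the fix: the functions ending in _model are assumed stand-ins for remap_pfn_range(), the page-table zap, and a driver mmap handler, and the PFN numbers and VMA size are constructed. It installs PTEs for a 4-page PFN mapping, injects a failure partway through, and then runs the easy-to-get-wrong error path (free the backing store first, let the generic mmap() failure path zap the page tables later). With the pre-fix remap helper, the window between those two steps holds PTEs that point at freed PFNs; with a helper that tears down its own partial mapping before returning the error, as the commit message says the fix does, the same sloppy caller leaves nothing dangling.

```c
/*
 * Userspace model of the error-ordering bug behind CVE-2024-47674.
 * Added illustration only; none of this is kernel code. Names ending in
 * _model are assumptions standing in for remap_pfn_range(), the page-table
 * zap and a driver's mmap handler. PFN 8..11 and a 4-page VMA are constructed.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NR_PFNS    16                     /* modelled physical address space */
#define VMA_PAGES  4                      /* pages in the modelled VMA */
#define PFN_NONE   ((unsigned long)-1)    /* empty PTE */

/* Which PFNs currently have live backing store (e.g. a driver buffer). */
struct backing { bool live[NR_PFNS]; };

/* Page table of one VMA: each entry is a PFN or PFN_NONE. As with a real PFN
 * mapping, entries carry no refcount, so nothing stops the backing store
 * from being freed underneath them. */
struct vma { unsigned long pte[VMA_PAGES]; };

static void backing_alloc(struct backing *b, unsigned long pfn, unsigned n)
{
    for (unsigned i = 0; i < n; i++) b->live[pfn + i] = true;
}

static void backing_free(struct backing *b, unsigned long pfn, unsigned n)
{
    for (unsigned i = 0; i < n; i++) b->live[pfn + i] = false;
}

/* Stand-in for zapping every PTE of the VMA. */
static void zap_ptes_model(struct vma *vma)
{
    for (unsigned i = 0; i < VMA_PAGES; i++) vma->pte[i] = PFN_NONE;
}

/* Pre-fix behaviour: installs PTEs one page at a time and fails at index
 * fail_at (never if fail_at < 0), leaving already-installed PTEs in place. */
static int remap_partial_model(struct vma *vma, unsigned long pfn, unsigned n, int fail_at)
{
    for (unsigned i = 0; i < n; i++) {
        if ((int)i == fail_at)
            return -1;
        vma->pte[i] = pfn + i;
    }
    return 0;
}

/* Post-fix behaviour as described in the commit message: the mapping helper
 * tears down its own partial mapping before returning the error. */
static int remap_fixed_model(struct vma *vma, unsigned long pfn, unsigned n, int fail_at)
{
    int err = remap_partial_model(vma, pfn, n, fail_at);
    if (err)
        zap_ptes_model(vma);
    return err;
}

/* Number of PTEs that still point at a PFN whose backing store is gone. */
static unsigned count_dangling(const struct vma *vma, const struct backing *b)
{
    unsigned n = 0;
    for (unsigned i = 0; i < VMA_PAGES; i++)
        if (vma->pte[i] != PFN_NONE && !b->live[vma->pte[i]])
            n++;
    return n;
}

typedef int (*remap_fn)(struct vma *, unsigned long, unsigned, int);

/*
 * A driver mmap handler written in the easy-to-get-wrong order: on failure it
 * frees the backing store immediately and leaves the page tables to the
 * generic mmap() failure path (modelled by the zap at the end). Returns the
 * number of dangling PTEs observable in the window between the two steps.
 */
static unsigned driver_mmap_model(remap_fn remap, int fail_at)
{
    struct backing b;
    struct vma vma;
    const unsigned long pfn = 8;              /* constructed buffer location */

    memset(&b, 0, sizeof b);
    zap_ptes_model(&vma);

    backing_alloc(&b, pfn, VMA_PAGES);
    if (remap(&vma, pfn, VMA_PAGES, fail_at)) {
        backing_free(&b, pfn, VMA_PAGES);     /* freed before PTEs are gone */
        unsigned dangling = count_dangling(&vma, &b);
        zap_ptes_model(&vma);                 /* eventual mmap() cleanup */
        return dangling;
    }
    return 0;
}

int main(void)
{
    printf("pre-fix, failure after 2 of 4 pages: %u dangling PTEs\n",
           driver_mmap_model(remap_partial_model, 2));
    printf("post-fix, same failure:              %u dangling PTEs\n",
           driver_mmap_model(remap_fixed_model, 2));
    return 0;
}
```

The point of the model is that the caller is not changed between the two runs: putting the teardown inside the mapping helper is what makes the wrong-order caller safe, which is why the fix lives in mm rather than in each driver.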
Vulnerability title
Linux kernel security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Linux kernel is the kernel used by Linux, the open-source operating system of the US-based Linux Foundation. A security vulnerability exists in the Linux kernel, arising from the mm module leaving partial pfn mappings around in certain cases.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
2. Public POCs for CVE-2024-47674
# | POC | Description | Source link | 神龙 link
3. Intelligence on CVE-2024-47674
  • Title: mm: avoid leaving partial pfn mappings around in error case - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗 source link
  • https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959
  • Title: Linux: temporarily dangling PFN mapping on remap_pfn_range() failure in usbdev_mmap() (and elsewhere?) [366053091] - Project Zero -- 🔗 source link
  • https://nvd.nist.gov/vuln/detail/CVE-2024-47674