CVE-2024-57917: Linux kernel vulnerability resolved - topology: Keep the cpumask unchanged when printing cpumap

In the world of cybersecurity, keeping track of vulnerabilities and patches is crucial to ensure the safety of our systems. Recently, a significant bug in the Linux kernel was detected and subsequently fixed. In this post, we'll dive into the details of CVE-2024-57917, a vulnerability in the Linux kernel involving the handling of the cpumask. Get ready for some code snippets, original references, and a look at how this exploit was discovered and ultimately resolved.

Vulnerability Details

The vulnerability is specifically related to the Linux kernel's handling of the cpumask when printing the cpumap. During fuzz testing, a warning was uncovered, indicating the possibility of a mismatch in the lengths of formatted strings returned by the kvasprintf() function.

Here's the original warning uncovered during fuzz testing

 different return values (15 and 11) from vsnprintf("%*pbl
 ", ...)

 test:keyward is WARNING in kvasprintf
 WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+x121/x130
 Call Trace:
  kvasprintf+x121/x130
  kasprintf+xa6/xe
  bitmap_print_to_buf+x89/x100
  core_siblings_list_read+x7e/xb
  kernfs_file_read_iter+x15b/x270
  new_sync_read+x153/x260
  vfs_read+x215/x290
  ksys_read+xb9/x160
  do_syscall_64+x56/x100
  entry_SYSCALL_64_after_hwframe+x78/xe2

Now, let's break down the call trace to better understand the issue. The kvasprintf() function is responsible for printing the core_siblings_list, and it comprises several steps:

Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent.

The problem arises when the core_cpumask is modified between steps (1) and (3). This alteration can cause a mismatch in the lengths obtained during these two steps. As it turns out, the fuzz testing included CPU hotplugging, which should modify the core_cpumask while printing.

The Fix

The solution to this problem is simple: cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(). This step ensures that the cpumask remains unchanged during the printing process. By implementing this fix, the vulnerability is effectively addressed, and the Linux kernel is one step closer to being fully secured.

Wrapping Up

CVE-2024-57917 highlights the importance of thorough testing, patching, and vigilance in the world of cybersecurity. An issue as seemingly minor as a discrepancy in string lengths can lead to unforeseen complications and vulnerabilities. By addressing this issue with a simple fix, the Linux kernel can continue to provide a solid foundation for countless systems worldwide.

You can learn more about this vulnerability by visiting the *Linux kernel mailing list*, which is the primary source for information on this topic. Stay updated on the latest security patches and vulnerability reports, so you can keep your systems safe and sound.

Timeline

Published on: 01/19/2025 12:15:25 UTC
Last modified on: 01/23/2025 17:15:20 UTC