vulnerability

Amazon Linux AMI: CVE-2024-56650: Security patch for kernel (ALAS-2025-1970)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published
Dec 27, 2024
Added
Apr 18, 2025
Modified
May 21, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:



netfilter: x_tables: fix LED ID check in led_tg_check()



Syzbot has reported the following BUG detected by KASAN:



BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70


Read of size 1 at addr ffff8881022da0c8 by task repro/5879


...


Call Trace:


<TASK>


dump_stack_lvl+0x241/0x360


? __pfx_dump_stack_lvl+0x10/0x10


? __pfx__printk+0x10/0x10


? _printk+0xd5/0x120


? __virt_addr_valid+0x183/0x530


? __virt_addr_valid+0x183/0x530


print_report+0x169/0x550


? __virt_addr_valid+0x183/0x530


? __virt_addr_valid+0x183/0x530


? __virt_addr_valid+0x45f/0x530


? __phys_addr+0xba/0x170


? strlen+0x58/0x70


kasan_report+0x143/0x180


? strlen+0x58/0x70


strlen+0x58/0x70


kstrdup+0x20/0x80


led_tg_check+0x18b/0x3c0


xt_check_target+0x3bb/0xa40


? __pfx_xt_check_target+0x10/0x10


? stack_depot_save_flags+0x6e4/0x830


? nft_target_init+0x174/0xc30


nft_target_init+0x82d/0xc30


? __pfx_nft_target_init+0x10/0x10


? nf_tables_newrule+0x1609/0x2980


? nf_tables_newrule+0x1609/0x2980


? rcu_is_watching+0x15/0xb0


? nf_tables_newrule+0x1609/0x2980


? nf_tables_newrule+0x1609/0x2980


? __kmalloc_noprof+0x21a/0x400


nf_tables_newrule+0x1860/0x2980


? __pfx_nf_tables_newrule+0x10/0x10


? __nla_parse+0x40/0x60


nfnetlink_rcv+0x14e5/0x2ab0


? __pfx_validate_chain+0x10/0x10


? __pfx_nfnetlink_rcv+0x10/0x10


? __lock_acquire+0x1384/0x2050


? netlink_deliver_tap+0x2e/0x1b0


? __pfx_lock_release+0x10/0x10


? netlink_deliver_tap+0x2e/0x1b0


netlink_unicast+0x7f8/0x990


? __pfx_netlink_unicast+0x10/0x10


? __virt_addr_valid+0x183/0x530


? __check_object_size+0x48e/0x900


netlink_sendmsg+0x8e4/0xcb0


? __pfx_netlink_sendmsg+0x10/0x10


? aa_sock_msg_perm+0x91/0x160


? __pfx_netlink_sendmsg+0x10/0x10


__sock_sendmsg+0x223/0x270


____sys_sendmsg+0x52a/0x7e0


? __pfx_____sys_sendmsg+0x10/0x10


__sys_sendmsg+0x292/0x380


? __pfx___sys_sendmsg+0x10/0x10


? lockdep_hardirqs_on_prepare+0x43d/0x780


? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10


? exc_page_fault+0x590/0x8c0


? do_syscall_64+0xb6/0x230


do_syscall_64+0xf3/0x230


entry_SYSCALL_64_after_hwframe+0x77/0x7f


...


</TASK>



Since an invalid (without '\0' byte at all) byte sequence may be passed


from userspace, add an extra check to ensure that such a sequence is


rejected as possible ID and so never passed to 'kstrdup()' and further.

Solution

amazon-linux-upgrade-kernel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today