vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-41087): Linux kernel vulnerabilities

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Jul 29, 2024
Added
Sep 13, 2024
Modified
Jan 28, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix double free on error

If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump
to the err_out label, which will call devres_release_group().
devres_release_group() will trigger a call to ata_host_release().
ata_host_release() calls kfree(host), so executing the kfree(host) in
ata_host_alloc() will lead to a double free:

kernel BUG at mm/slub.c:553!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 11 PID: 599 Comm: (udev-worker) Not tainted 6.10.0-rc5 #47
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
RIP: 0010:kfree+0x2cf/0x2f0
Code: 5d 41 5e 41 5f 5d e9 80 d6 ff ff 4d 89 f1 41 b8 01 00 00 00 48 89 d9 48 89 da
RSP: 0018:ffffc90000f377f0 EFLAGS: 00010246
RAX: ffff888112b1f2c0 RBX: ffff888112b1f2c0 RCX: ffff888112b1f320
RDX: 000000000000400b RSI: ffffffffc02c9de5 RDI: ffff888112b1f2c0
RBP: ffffc90000f37830 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90000f37610 R11: 617461203a736b6e R12: ffffea00044ac780
R13: ffff888100046400 R14: ffffffffc02c9de5 R15: 0000000000000006
FS: 00007f2f1cabe980(0000) GS:ffff88813b380000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2f1c3acf75 CR3: 0000000111724000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:

? __die_body.cold+0x19/0x27
? die+0x2e/0x50
? do_trap+0xca/0x110
? do_error_trap+0x6a/0x90
? kfree+0x2cf/0x2f0
? exc_invalid_op+0x50/0x70
? kfree+0x2cf/0x2f0
? asm_exc_invalid_op+0x1a/0x20
? ata_host_alloc+0xf5/0x120 [libata]
? ata_host_alloc+0xf5/0x120 [libata]
? kfree+0x2cf/0x2f0
ata_host_alloc+0xf5/0x120 [libata]
ata_host_alloc_pinfo+0x14/0xa0 [libata]
ahci_init_one+0x6c9/0xd20 [ahci]

Ensure that we will not call kfree(host) twice, by performing the kfree()
only if the devres_open_group() call failed.

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1052-gkeopubuntu-upgrade-linux-image-5-15-0-1062-ibmubuntu-upgrade-linux-image-5-15-0-1062-raspiubuntu-upgrade-linux-image-5-15-0-1064-intel-iotgubuntu-upgrade-linux-image-5-15-0-1064-nvidiaubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1066-gkeubuntu-upgrade-linux-image-5-15-0-1066-kvmubuntu-upgrade-linux-image-5-15-0-1067-oracleubuntu-upgrade-linux-image-5-15-0-1068-gcpubuntu-upgrade-linux-image-5-15-0-1069-awsubuntu-upgrade-linux-image-5-15-0-1072-azureubuntu-upgrade-linux-image-5-15-0-1072-azure-fdeubuntu-upgrade-linux-image-5-15-0-121-genericubuntu-upgrade-linux-image-5-15-0-121-generic-64kubuntu-upgrade-linux-image-5-15-0-121-generic-lpaeubuntu-upgrade-linux-image-5-15-0-121-lowlatencyubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64kubuntu-upgrade-linux-image-5-4-0-1043-iotubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmpubuntu-upgrade-linux-image-5-4-0-1079-ibmubuntu-upgrade-linux-image-5-4-0-1092-bluefieldubuntu-upgrade-linux-image-5-4-0-1099-gkeopubuntu-upgrade-linux-image-5-4-0-1116-raspiubuntu-upgrade-linux-image-5-4-0-1120-kvmubuntu-upgrade-linux-image-5-4-0-1131-oracleubuntu-upgrade-linux-image-5-4-0-1132-awsubuntu-upgrade-linux-image-5-4-0-1136-gcpubuntu-upgrade-linux-image-5-4-0-1137-azureubuntu-upgrade-linux-image-5-4-0-195-genericubuntu-upgrade-linux-image-5-4-0-195-generic-lpaeubuntu-upgrade-linux-image-5-4-0-195-lowlatencyubuntu-upgrade-linux-image-6-8-0-1002-gkeopubuntu-upgrade-linux-image-6-8-0-1013-gkeubuntu-upgrade-linux-image-6-8-0-1014-ibmubuntu-upgrade-linux-image-6-8-0-1014-raspiubuntu-upgrade-linux-image-6-8-0-1015-oracleubuntu-upgrade-linux-image-6-8-0-1015-oracle-64kubuntu-upgrade-linux-image-6-8-0-1016-azureubuntu-upgrade-linux-image-6-8-0-1016-azure-fdeubuntu-upgrade-linux-image-6-8-0-1016-gcpubuntu-upgrade-linux-image-6-8-0-1016-oemubuntu-upgrade-linux-image-6-8-0-1017-azureubuntu-upgrade-linux-image-6-8-0-1017-azure-fdeubuntu-upgrade-linux-image-6-8-0-1017-gcpubuntu-upgrade-linux-image-6-8-0-1017-nvidiaubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1018-awsubuntu-upgrade-linux-image-6-8-0-48-genericubuntu-upgrade-linux-image-6-8-0-48-generic-64kubuntu-upgrade-linux-image-6-8-0-48-lowlatencyubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-20-04ubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-22-04ubuntu-upgrade-linux-image-azure-lts-20-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-bluefieldubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-lts-20-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-18-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-5-4ubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-20-04ubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-18-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oemubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-osp1ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-lts-20-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-hwe-18-04ubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-raspi2ubuntu-upgrade-linux-image-raspi2-hwe-18-04ubuntu-upgrade-linux-image-snapdragon-hwe-18-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-18-04ubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmp

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today