Ubuntu: (Multiple Advisories) (CVE-2024-42234): Linux kernel kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-42234): Linux kernel kernel vulnerabilities

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

08/07/2024

Created

11/05/2024

Added

11/04/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration") was right to fix the memcg-dependent locking broken in 85ce2c517ade ("memcontrol: only transfer the memcg data for migration"), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the "right" lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio's reference count is temporarily frozen to 0 - adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it).

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1002-gkeop
• ubuntu-upgrade-linux-image-6-8-0-1013-gke
• ubuntu-upgrade-linux-image-6-8-0-1014-ibm
• ubuntu-upgrade-linux-image-6-8-0-1014-raspi
• ubuntu-upgrade-linux-image-6-8-0-1015-oracle
• ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1016-azure
• ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1016-gcp
• ubuntu-upgrade-linux-image-6-8-0-1016-oem
• ubuntu-upgrade-linux-image-6-8-0-1017-azure
• ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1017-gcp
• ubuntu-upgrade-linux-image-6-8-0-1017-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-1018-aws
• ubuntu-upgrade-linux-image-6-8-0-48-generic
• ubuntu-upgrade-linux-image-6-8-0-48-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-48-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-22-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-gkeop
• ubuntu-upgrade-linux-image-gkeop-6-8
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
• ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
• ubuntu-upgrade-linux-image-lowlatency-hwe-24-04
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-6-8
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-nvidia-64k-6-8
• ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
• ubuntu-upgrade-linux-image-nvidia-hwe-22-04
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-oem-22-04
• ubuntu-upgrade-linux-image-oem-22-04a
• ubuntu-upgrade-linux-image-oem-22-04b
• ubuntu-upgrade-linux-image-oem-22-04c
• ubuntu-upgrade-linux-image-oem-22-04d
• ubuntu-upgrade-linux-image-oem-24-04
• ubuntu-upgrade-linux-image-oem-24-04a
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-22-04
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-42234
• CVE - 2024-42234
• USN-7089-1
• USN-7089-2
• USN-7089-3
• USN-7089-4
• USN-7089-5
• USN-7089-6
• USN-7089-7
• USN-7090-1
• USN-7095-1
• USN-7156-1

View more