CVE-2024-38569

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through following cmd [1], but the driver does not check whether the array index is out of bounds when writing data to the event_group array. If the number of events in an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write overflow of event_group array occurs. Add array index check to fix the possible array out of bounds violation, and return directly when write new events are written to array bounds. There are 9 different events in an event_group. [1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}'

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9	Patch
https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220	Patch
https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b	Patch
https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0	Patch
https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78	Patch
https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9	Patch
https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220	Patch
https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b	Patch
https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0	Patch
https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-06-19 14:15

Updated : 2024-11-21 09:26

NVD link : CVE-2024-38569

Mitre link : CVE-2024-38569

CVE.ORG link : CVE-2024-38569

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-129

Improper Validation of Array Index

{"id": "CVE-2024-38569", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-06-19T14:15:17.060", "references": [{"url": "https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3d1face00ebb7996842aee4214d7d0fb0c77b1e9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/567d34626c22b36579ec0abfdf5eda2949044220", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/77fce82678ea5fd51442e62febec2004f79e041b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/8e9aab2492178f25372f1820bfd9289fbd74efd0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ff48247144d13a3a0817127703724256008efa78", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi_pcie: Fix out-of-bound access when valid event group\n\nThe perf tool allows users to create event groups through following\ncmd [1], but the driver does not check whether the array index is out of\nbounds when writing data to the event_group array. If the number of events\nin an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write\noverflow of event_group array occurs.\n\nAdd array index check to fix the possible array out of bounds violation,\nand return directly when write new events are written to array bounds.\n\nThere are 9 different events in an event_group.\n[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}'"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi_pcie: corrige el acceso fuera de los l\u00edmites cuando el grupo de eventos es v\u00e1lido. La herramienta perf permite a los usuarios crear grupos de eventos mediante el siguiente cmd [1], pero el controlador no compruebe si el \u00edndice de la matriz est\u00e1 fuera de los l\u00edmites al escribir datos en la matriz event_group. Si el n\u00famero de eventos en un event_group es mayor que HISI_PCIE_MAX_COUNTERS, se produce un desbordamiento de escritura en la memoria de la matriz event_group. Agregue la verificaci\u00f3n del \u00edndice de la matriz para corregir la posible infracci\u00f3n de la matriz fuera de los l\u00edmites y regrese directamente cuando se escriban nuevos eventos en los l\u00edmites de la matriz. Hay 9 eventos diferentes en un grupo de eventos. [1] estad\u00edstica de rendimiento -e '{pmu/event1/, ...,pmu/event9/}'"}], "lastModified": "2024-11-21T09:26:22.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "899D7A4F-A23D-4FA2-84B4-4BAA03F98BBC", "versionEndExcluding": "6.1.93", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2", "versionEndExcluding": "6.8.12", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011", "versionEndExcluding": "6.9.3", "versionStartIncluding": "6.9"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}