fkie_cve-2024-40984
Vulnerability from fkie_nvd
Published
2024-07-12 13:15
Modified
2024-11-21 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. However, it was found that when this situation arises, mapping continues until the boundary's end, but there is still an attempt to read/write the entire length of the map, leading to a NULL pointer deference. For example, if a four-byte mapping request is made but only one byte is mapped because it hits the current page boundary's end, a four-byte read/write attempt is still made, resulting in a NULL pointer deference. Instead, map the entire length, as the ACPI specification does not mandate that it must be within the same page boundary. It is permissible for it to be mapped across different regions.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary\u0027s end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary\u0027s\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ACPICA: Revertir \"ACPICA: evitar Informaci\u00f3n: mapeo de m\u00faltiples BAR. Su kernel est\u00e1 bien\". Deshaga las modificaciones realizadas en el commit d410ee5109a1 (\"ACPICA: evite \"Informaci\u00f3n: mapeo de varias BAR. Su kernel est\u00e1 bien.\"\"). El prop\u00f3sito inicial de est\u00e9 commit fue evitar que las asignaciones de memoria para regiones de operaci\u00f3n se superpongan en los l\u00edmites de las p\u00e1ginas, ya que puede generar advertencias si hay diferentes atributos de p\u00e1gina presentes. Sin embargo, se descubri\u00f3 que cuando surge esta situaci\u00f3n, el mapeo contin\u00faa hasta el final del l\u00edmite, pero todav\u00eda hay un intento de leer/escribir en toda la longitud del mapa, lo que lleva a una deferencia del puntero NULL. Por ejemplo, si se realiza una solicitud de asignaci\u00f3n de cuatro bytes pero solo se asigna un byte porque llega al final del l\u00edmite de la p\u00e1gina actual, a\u00fan se realiza un intento de lectura/escritura de cuatro bytes, lo que resulta en una deferencia de puntero NULL. En su lugar, asigne toda la longitud, ya que la especificaci\u00f3n ACPI no exige que deba estar dentro del mismo l\u00edmite de p\u00e1gina. Est\u00e1 permitido mapearlo en diferentes regiones."
    }
  ],
  "id": "CVE-2024-40984",
  "lastModified": "2024-11-21T09:32:00.383",
  "metrics": {},
  "published": "2024-07-12T13:15:19.977",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.