ghsa-hr6h-7jqj-mx8j
Vulnerability from github
Published
2024-10-21 18:30
Modified
2024-11-07 21:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

static_call: Replace pointless WARN_ON() in static_call_module_notify()

static_call_module_notify() triggers a WARN_ON(), when memory allocation fails in __static_call_add_module().

That's not really justified, because the failure case must be correctly handled by the well known call chain and the error code is passed through to the initiating userspace application.

A memory allocation fail is not a fatal problem, but the WARN_ON() takes the machine out when panic_on_warn is set.

Replace it with a pr_warn().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-49954"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Replace pointless WARN_ON() in static_call_module_notify()\n\nstatic_call_module_notify() triggers a WARN_ON(), when memory allocation\nfails in __static_call_add_module().\n\nThat\u0027s not really justified, because the failure case must be correctly\nhandled by the well known call chain and the error code is passed\nthrough to the initiating userspace application.\n\nA memory allocation fail is not a fatal problem, but the WARN_ON() takes\nthe machine out when panic_on_warn is set.\n\nReplace it with a pr_warn().",
  "id": "GHSA-hr6h-7jqj-mx8j",
  "modified": "2024-11-07T21:31:37Z",
  "published": "2024-10-21T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49954"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85a104aaef1f56623acc10ba4c42d5f046ba65b7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b83bef74c121a3311240fc4002d23486b85355e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc9356513d56b688775497b7ac6f2b967f46a80c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e67534bd31d79952b50e791e92adf0b3e6c13b8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea2cdf4da093d0482f0ef36ba971e2e0c7673425"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe513c2ef0a172a58f158e2e70465c4317f0a9a2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.