CVE-2024-42254

Published: Aug 8, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace: <TASK> io_put_bl io_uring/kbuf.c:378 [inline] io_destroy_buffers+0x14e/0x490 io_uring/kbuf.c:392 io_ring_ctx_free+0xa00/0x1070 io_uring/io_uring.c:2613 io_ring_exit_work+0x80f/0x8a0 io_uring/io_uring.c:2844 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Vendor	Product	Versions
Linux	Linux	affected `46b1b3d81a7e99574e1a2f914086bc2fe382d79d - < 78aefac7efdffddf7889405b7c08e6e0f030fa35` affected `87585b05757dc70545efb434669708d276125559 - < 68d19af95a353f5e2b021602180b65b303eba99d` affected `87585b05757dc70545efb434669708d276125559 - < bcc87d978b834c298bbdd9c52454c5d0a946e97e`
Linux	Linux	affected `6.10` unaffected `0 - < 6.10` unaffected `6.10.1 - <= 6.10.` unaffected `6.11 - <= `

References

https://git.kernel.org/stable/c/78aefac7efdffddf7889405b7c08e6e0f030fa35

https://git.kernel.org/stable/c/68d19af95a353f5e2b021602180b65b303eba99d

https://git.kernel.org/stable/c/bcc87d978b834c298bbdd9c52454c5d0a946e97e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-42254

Description

Affected Products

References