Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-36478): Linux kernel vulnerabilities

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-36478): Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

06/21/2024

Created

09/13/2024

Added

09/12/2024

Modified

09/25/2024

Description

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_queues; done & while true; do echo 1 > power; echo 0 > power; done Test result: BUG: kernel NULL pointer dereference, address: 0000000000000148 Oops: 0000 [#1] PREEMPT SMP RIP: 0010:__lock_acquire+0x41d/0x28f0 Call Trace: <TASK> lock_acquire+0x121/0x450 down_write+0x5f/0x1d0 simple_recursive_removal+0x12f/0x5c0 blk_mq_debugfs_unregister_hctxs+0x7c/0x100 blk_mq_update_nr_hw_queues+0x4a3/0x720 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x79/0xf0 [null_blk] configfs_write_iter+0x119/0x1e0 vfs_write+0x326/0x730 ksys_write+0x74/0x150 This is because del_gendisk() can concurrent with blk_mq_update_nr_hw_queues(): nullb_device_power_store nullb_apply_submit_queues null_del_dev del_gendisk nullb_update_nr_hw_queues if (!dev->nullb) // still set while gendisk is deleted return 0 blk_mq_update_nr_hw_queues dev->nullb = NULL Fix this problem by resuing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.

Solution(s)

ubuntu-upgrade-linux-image-6-8-0-1010-gke
ubuntu-upgrade-linux-image-6-8-0-1011-raspi
ubuntu-upgrade-linux-image-6-8-0-1012-ibm
ubuntu-upgrade-linux-image-6-8-0-1012-oem
ubuntu-upgrade-linux-image-6-8-0-1012-oracle
ubuntu-upgrade-linux-image-6-8-0-1012-oracle-64k
ubuntu-upgrade-linux-image-6-8-0-1013-nvidia
ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-64k
ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency
ubuntu-upgrade-linux-image-6-8-0-1013-nvidia-lowlatency-64k
ubuntu-upgrade-linux-image-6-8-0-1014-azure
ubuntu-upgrade-linux-image-6-8-0-1014-azure-fde
ubuntu-upgrade-linux-image-6-8-0-1014-gcp
ubuntu-upgrade-linux-image-6-8-0-1015-aws
ubuntu-upgrade-linux-image-6-8-0-44-generic
ubuntu-upgrade-linux-image-6-8-0-44-generic-64k
ubuntu-upgrade-linux-image-6-8-0-44-lowlatency
ubuntu-upgrade-linux-image-6-8-0-44-lowlatency-64k
ubuntu-upgrade-linux-image-6-8-0-45-generic
ubuntu-upgrade-linux-image-6-8-0-45-generic-64k
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
ubuntu-upgrade-linux-image-generic-hwe-22-04
ubuntu-upgrade-linux-image-generic-hwe-24-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-classic
ubuntu-upgrade-linux-image-ibm-lts-24-04
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-6-8
ubuntu-upgrade-linux-image-nvidia-64k
ubuntu-upgrade-linux-image-nvidia-64k-6-8
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
ubuntu-upgrade-linux-image-oem-22-04
ubuntu-upgrade-linux-image-oem-22-04a
ubuntu-upgrade-linux-image-oem-22-04b
ubuntu-upgrade-linux-image-oem-22-04c
ubuntu-upgrade-linux-image-oem-22-04d
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-64k
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-22-04
ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

https://attackerkb.com/topics/cve-2024-36478
CVE - 2024-36478
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-36478): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-36478): Linux kernel vulnerabilities

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.