Ubuntu: (Multiple Advisories) (CVE-2024-36925): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when initialising the restricted pools at boot-time: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP | pc : rmem_swiotlb_device_init+0xfc/0x1ec | lr : rmem_swiotlb_device_init+0xf0/0x1ec | Call trace: | rmem_swiotlb_device_init+0xfc/0x1ec | of_reserved_mem_device_init_by_idx+0x18c/0x238 | of_dma_configure_id+0x31c/0x33c | platform_dma_configure+0x34/0x80 faddr2line reveals that the crash is in the list validation code: include/linux/list.h:83 include/linux/rculist.h:79 include/linux/rculist.h:106 kernel/dma/swiotlb.c:306 kernel/dma/swiotlb.c:1695 because add_mem_pool() is trying to list_add_rcu() to a NULL 'mem->pools'. Fix the crash by initialising the 'mem->pools' list_head in rmem_swiotlb_device_init() before calling add_mem_pool().
Solution(s)
- ubuntu-upgrade-linux-image-6-8-0-1008-gke
- ubuntu-upgrade-linux-image-6-8-0-1009-raspi
- ubuntu-upgrade-linux-image-6-8-0-1010-ibm
- ubuntu-upgrade-linux-image-6-8-0-1010-oem
- ubuntu-upgrade-linux-image-6-8-0-1010-oracle
- ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k
- ubuntu-upgrade-linux-image-6-8-0-1011-nvidia
- ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k
- ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency
- ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k
- ubuntu-upgrade-linux-image-6-8-0-1012-gcp
- ubuntu-upgrade-linux-image-6-8-0-1013-aws
- ubuntu-upgrade-linux-image-6-8-0-40-generic
- ubuntu-upgrade-linux-image-6-8-0-40-generic-64k
- ubuntu-upgrade-linux-image-6-8-0-40-lowlatency
- ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k
- ubuntu-upgrade-linux-image-aws
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-gke
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-ibm-classic
- ubuntu-upgrade-linux-image-ibm-lts-24-04
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-6-8
- ubuntu-upgrade-linux-image-nvidia-64k
- ubuntu-upgrade-linux-image-nvidia-64k-6-8
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
- ubuntu-upgrade-linux-image-oem-24-04
- ubuntu-upgrade-linux-image-oem-24-04a
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-64k
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center