Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-41083): Linux kernel vulnerabilities

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-41083): Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

07/29/2024

Created

11/05/2024

Added

11/04/2024

Modified

11/20/2024

Description

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfs_page_mkwrite() to check folio->mapping is valid Fix netfs_page_mkwrite() to check that folio->mapping is valid once it has taken the folio lock (as filemap_page_mkwrite() does). Without this, generic/247 occasionally oopses with something like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:trace_event_raw_event_netfs_folio+0x61/0xc0 ... Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x6e/0xa0 ? exc_page_fault+0xc2/0xe0 ? asm_exc_page_fault+0x22/0x30 ? trace_event_raw_event_netfs_folio+0x61/0xc0 trace_netfs_folio+0x39/0x40 netfs_page_mkwrite+0x14c/0x1d0 do_page_mkwrite+0x50/0x90 do_pte_missing+0x184/0x200 __handle_mm_fault+0x42d/0x500 handle_mm_fault+0x121/0x1f0 do_user_addr_fault+0x23e/0x3c0 exc_page_fault+0xc2/0xe0 asm_exc_page_fault+0x22/0x30 This is due to the invalidate_inode_pages2_range() issued at the end of the DIO write interfering with the mmap'd writes.

Solution(s)

ubuntu-upgrade-linux-image-6-8-0-1013-gke
ubuntu-upgrade-linux-image-6-8-0-1014-ibm
ubuntu-upgrade-linux-image-6-8-0-1014-raspi
ubuntu-upgrade-linux-image-6-8-0-1015-oracle
ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k
ubuntu-upgrade-linux-image-6-8-0-1016-azure
ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde
ubuntu-upgrade-linux-image-6-8-0-1016-gcp
ubuntu-upgrade-linux-image-6-8-0-1016-oem
ubuntu-upgrade-linux-image-6-8-0-1017-azure
ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde
ubuntu-upgrade-linux-image-6-8-0-1017-gcp
ubuntu-upgrade-linux-image-6-8-0-1017-nvidia
ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k
ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency
ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k
ubuntu-upgrade-linux-image-6-8-0-1018-aws
ubuntu-upgrade-linux-image-6-8-0-48-generic
ubuntu-upgrade-linux-image-6-8-0-48-generic-64k
ubuntu-upgrade-linux-image-6-8-0-48-lowlatency
ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
ubuntu-upgrade-linux-image-generic-hwe-22-04
ubuntu-upgrade-linux-image-generic-hwe-24-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-classic
ubuntu-upgrade-linux-image-ibm-lts-24-04
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04
ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
ubuntu-upgrade-linux-image-lowlatency-hwe-24-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-6-8
ubuntu-upgrade-linux-image-nvidia-64k
ubuntu-upgrade-linux-image-nvidia-64k-6-8
ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
ubuntu-upgrade-linux-image-nvidia-hwe-22-04
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
ubuntu-upgrade-linux-image-oem-22-04
ubuntu-upgrade-linux-image-oem-22-04a
ubuntu-upgrade-linux-image-oem-22-04b
ubuntu-upgrade-linux-image-oem-22-04c
ubuntu-upgrade-linux-image-oem-22-04d
ubuntu-upgrade-linux-image-oem-24-04
ubuntu-upgrade-linux-image-oem-24-04a
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-64k
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-22-04
ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

https://attackerkb.com/topics/cve-2024-41083
CVE - 2024-41083
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-41083): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-41083): Linux kernel vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.