CVE-2024-26675

一、漏洞信息
 漏洞编号：[CVE-2024-26675](https://nvd.nist.gov/vuln/detail/CVE-2024-26675)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
 CVSS V2.0分值：
  BaseScore：0.0 Low
  Vector：CVSS：2.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:ppp_async: limit MRU to 64Ksyzbot triggered a warning [1] in __alloc_pages():WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)Willem fixed a similar issue in commit c0a2a1b0d631 ( ppp: limit MRU to 64K )Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)[1]: WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543Modules linked in:CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023Workqueue: events_unbound flush_to_ldiscpstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537sp : ffff800093967580x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003fx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0Call trace:  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543  __alloc_pages_node include/linux/gfp.h:238 [inline]  alloc_pages_node include/linux/gfp.h:261 [inline]  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926  __do_kmalloc_node mm/slub.c:3969 [inline]  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]  dev_alloc_skb include/linux/skbuff.h:3248 [inline]  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37  receive_buf drivers/tty/tty_buffer.c:444 [inline]  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494  process_one_work+0x694/0x1204 kernel/workqueue.c:2633  process_scheduled_works kernel/workqueue.c:2706 [inline]  worker_thread+0x938/0xef4 kernel/workqueue.c:2787  kthread+0x288/0x310 kernel/kthread.c:388  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
 漏洞公开时间：2024-04-02 15:15:44
 漏洞创建时间：2024-04-02 15:58:40
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-26675
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26675 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-26675 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2272829 | https://bugzilla.suse.com/show_bug.cgi?id=1222379 |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024040252-CVE-2024-26675-5b19@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2272829 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/linus/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (6.8-rc4) | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://www.cve.org/CVERecord?id=CVE-2024-26675 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://ubuntu.com/security/notices/USN-6766-1 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://ubuntu.com/security/notices/USN-6767-1 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://ubuntu.com/security/notices/USN-6767-2 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://ubuntu.com/security/notices/USN-6766-2 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://ubuntu.com/security/notices/USN-6766-3 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2024-26675 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2024-26675 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2024-26675 | https://ubuntu.com/security/CVE-2024-26675 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675 | https://ubuntu.com/security/CVE-2024-26675 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| linux |  | https://git.kernel.org/linus/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
    In the Linux kernel, the following vulnerability has been resolved:ppp_async: limit MRU to 64Ksyzbot triggered a warning [1] in __alloc_pages():WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)Willem fixed a similar issue in commit c0a2a1b0d631 ( ppp: limit MRU to 64K )Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)[1]: WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543Modules linked in:CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023Workqueue: events_unbound flush_to_ldiscpstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537sp : ffff800093967580x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003fx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0Call trace:  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543  __alloc_pages_node include/linux/gfp.h:238 [inline]  alloc_pages_node include/linux/gfp.h:261 [inline]  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926  __do_kmalloc_node mm/slub.c:3969 [inline]  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]  dev_alloc_skb include/linux/skbuff.h:3248 [inline]  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37  receive_buf drivers/tty/tty_buffer.c:444 [inline]  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494  process_one_work+0x694/0x1204 kernel/workqueue.c:2633  process_scheduled_works kernel/workqueue.c:2706 [inline]  worker_thread+0x938/0xef4 kernel/workqueue.c:2787  kthread+0x288/0x310 kernel/kthread.c:388  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 
 openEuler评分：
  5.5
 Vector：CVSS：2.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(4.19.90):受影响
2.openEuler-20.03-LTS-SP4(4.19.90):受影响
3.openEuler-22.03-LTS(5.10.0):受影响
4.openEuler-22.03-LTS-SP1(5.10.0):受影响
5.openEuler-22.03-LTS-SP2(5.10.0):受影响
6.openEuler-22.03-LTS-SP3(5.10.0):受影响
7.openEuler-22.03-LTS-SP4:不受影响
8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next(5.10.0):不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS(5.10.0):否
4.openEuler-22.03-LTS-SP1(5.10.0):否
5.openEuler-22.03-LTS-SP2(5.10.0):否
6.openEuler-22.03-LTS-SP3(5.10.0):否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next(5.10.0):否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1650

@yangyingliang ,@gatieme ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):
9.openEuler-24.03-LTS:
10.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：
1.master(6.1.0):
2.openEuler-20.03-LTS-SP1(4.19.90):
3.openEuler-20.03-LTS-SP4(4.19.90):
4.openEuler-22.03-LTS(5.10.0):
5.openEuler-22.03-LTS-Next(5.10.0):
6.openEuler-22.03-LTS-SP1(5.10.0):
7.openEuler-22.03-LTS-SP2(5.10.0):
8.openEuler-22.03-LTS-SP3(5.10.0):
9.openEuler-24.03-LTS:
10.openEuler-24.03-LTS-Next:

-----------------------------------------------------------------------
issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2024-26675	None	None	https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982 https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719 https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16 https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
https://ubuntu.com/security/CVE-2024-26675	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2024-26675	None	None	https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3 https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982 https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719 https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16 https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26675
https://security-tracker.debian.org/tracker/CVE-2024-26675

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

CVE-2024-26675

影响性分析说明：
Reserved.

openEuler评分:(评分和向量)
0.0
CVSS: 3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

CVE-2024-26675

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

ppp_async: limit MRU to 64K

syzbot triggered a warning [1] in __alloc_pages():

WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)

Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")

Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)

[1]:

WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
  __alloc_pages_node include/linux/gfp.h:238 [inline]
  alloc_pages_node include/linux/gfp.h:261 [inline]
  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
  __do_kmalloc_node mm/slub.c:3969 [inline]
  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
  dev_alloc_skb include/linux/skbuff.h:3248 [inline]
  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
  receive_buf drivers/tty/tty_buffer.c:444 [inline]
  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
  process_one_work+0x694/0x1204 kernel/workqueue.c:2633
  process_scheduled_works kernel/workqueue.c:2706 [inline]
  worker_thread+0x938/0xef4 kernel/workqueue.c:2787
  kthread+0x288/0x310 kernel/kthread.c:388
  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.master(6.1.0):不受影响
8.openEuler-22.03-LTS-Next:不受影响
9.openEuler-24.03-LTS:不受影响
10.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否

===========================================================

CVE-2024-26675

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

ppp_async: limit MRU to 64K

syzbot triggered a warning [1] in __alloc_pages():

WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)

Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")

Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)

[1]:

WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
  __alloc_pages_node include/linux/gfp.h:238 [inline]
  alloc_pages_node include/linux/gfp.h:261 [inline]
  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
  __do_kmalloc_node mm/slub.c:3969 [inline]
  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
  dev_alloc_skb include/linux/skbuff.h:3248 [inline]
  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
  receive_buf drivers/tty/tty_buffer.c:444 [inline]
  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
  process_one_work+0x694/0x1204 kernel/workqueue.c:2633
  process_scheduled_works kernel/workqueue.c:2706 [inline]
  worker_thread+0x938/0xef4 kernel/workqueue.c:2787
  kthread+0x288/0x310 kernel/kthread.c:388
  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.master(6.1.0):不受影响
8.openEuler-22.03-LTS-Next:不受影响
9.openEuler-24.03-LTS:不受影响
10.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否

===========================================================

CVE-2024-26675

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

ppp_async: limit MRU to 64K

syzbot triggered a warning [1] in __alloc_pages():

WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)

Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")

Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)

[1]:

WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
  __alloc_pages_node include/linux/gfp.h:238 [inline]
  alloc_pages_node include/linux/gfp.h:261 [inline]
  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
  __do_kmalloc_node mm/slub.c:3969 [inline]
  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
  dev_alloc_skb include/linux/skbuff.h:3248 [inline]
  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
  receive_buf drivers/tty/tty_buffer.c:444 [inline]
  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
  process_one_work+0x694/0x1204 kernel/workqueue.c:2633
  process_scheduled_works kernel/workqueue.c:2706 [inline]
  worker_thread+0x938/0xef4 kernel/workqueue.c:2787
  kthread+0x288/0x310 kernel/kthread.c:388
  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1:受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS:受影响
4.openEuler-22.03-LTS-SP1:受影响
5.openEuler-22.03-LTS-SP2:受影响
6.openEuler-22.03-LTS-SP3:受影响
7.openEuler-22.03-LTS-SP4:不受影响
8.master(6.1.0):不受影响
9.openEuler-22.03-LTS-Next:不受影响
10.openEuler-24.03-LTS:不受影响
11.openEuler-24.03-LTS-Next:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next:否
9.openEuler-24.03-LTS:否
10.openEuler-24.03-LTS-Next:否
11.openEuler-22.03-LTS-SP4:否

===========================================================

src-openEuler/kernel

内容风险标识

评论 (15)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-26675

评论 (15)

搜索帮助

src-openEuler/kernel