[SRU][J][PATCH 0/1] CVE-2024-53097
Bethany Jamison
bethany.jamison at canonical.com
Fri Dec 6 21:05:07 UTC 2024
[Impact]
mm: krealloc: Fix MTE false alarm in __do_krealloc
This patch addresses an issue introduced by commit 1a83a71 ("mm:
krealloc: consider spare memory for __GFP_ZERO") which causes MTE
(Memory Tagging Extension) to falsely report a slab-out-of-bounds error.
The problem occurs when zeroing out spare memory in __do_krealloc. The
original code only considered software-based KASAN and did not account
for MTE. It does not reset the KASAN tag before calling memset, leading
to a mismatch between the pointer tag and the memory tag, resulting
in a false positive.
[Fix]
Oracular: not-affected
Jammy: Clean cherry-pick from linux-5.15.y
Focal: not-affected
Bionic: not-affected
Xenial: not-affected
Trusty: not-affected
[Test Case]
Compile tested.
[Where problems could occur]
This fix affects those who use slab allocator functions that are
independent of the allocator strategy; an issue with this fix would be
visible to the user via inaccurate slab-out-of-bounds errors.
Qun-Wei Lin (1):
mm: krealloc: Fix MTE false alarm in __do_krealloc
mm/slab_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.43.0
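
The tag mismatch described under [Impact], as a small user-space model. This is an added example, not code from the patch or from the kernel. The struct, the function names, the tag values and the 64-byte slot are all constructed for illustration, and the model assumes the unused tail of the slot carries a different tag from the pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE   16u   /* MTE tags memory in 16-byte granules */
#define MATCH_ALL 0xFu  /* model value: pointer tag that skips the check */
#define POISON    0xEu  /* model value: tag on memory outside the object */

struct tagged_ptr { size_t off; uint8_t tag; };   /* hypothetical model type */
static uint8_t heap[64];                           /* one 64-byte slab slot */
static uint8_t granule_tag[sizeof(heap) / GRANULE];

/* Tag the granules covering [off, off + len); both are granule-aligned. */
static void set_tags(size_t off, size_t len, uint8_t tag)
{
    for (size_t g = off / GRANULE; g < (off + len) / GRANULE; g++)
        granule_tag[g] = tag;
}

/* memset with a tag check: 0 on success, -1 on a pointer/memory mismatch. */
static int checked_memset(struct tagged_ptr p, int c, size_t n)
{
    for (size_t g = p.off / GRANULE; n && g <= (p.off + n - 1) / GRANULE; g++)
        if (p.tag != MATCH_ALL && granule_tag[g] != p.tag)
            return -1;             /* reported as slab-out-of-bounds */
    memset(heap + p.off, c, n);
    return 0;
}

/* Shrink an object of orig bytes in a ks-byte slot and zero [new_size, ks). */
static int zero_spare(struct tagged_ptr p, size_t new_size, size_t orig,
                      size_t ks, int reset_tag)
{
    set_tags(p.off, orig, p.tag);               /* live object: pointer's tag */
    set_tags(p.off + orig, ks - orig, POISON);  /* unused tail: different tag */
    if (reset_tag)
        p.tag = MATCH_ALL;                      /* models kasan_reset_tag(p)  */
    p.off += new_size;
    return checked_memset(p, 0, ks - new_size);
}

int main(void)
{
    struct tagged_ptr p = { 0, 0x3 };           /* constructed sample object */
    printf("tagged pointer: %d\n", zero_spare(p, 16, 32, sizeof(heap), 0));
    printf("tag reset:      %d\n", zero_spare(p, 16, 32, sizeof(heap), 1));
    return 0;
}
```

The first call fails although every byte written lies inside the slot, which is the false positive; the second zeroes the same range once the pointer tag is reset.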