ACK: [SRU][J][PATCH 0/1] CVE-2024-53097
Philip Cox
philip.cox at canonical.com
Wed Dec 18 18:12:02 UTC 2024
On 2024-12-06 4:05 p.m., Bethany Jamison wrote:
> [Impact]
>
> mm: krealloc: Fix MTE false alarm in __do_krealloc
>
> This patch addresses an issue introduced by commit 1a83a71 ("mm:
> krealloc: consider spare memory for __GFP_ZERO") which causes MTE
> (Memory Tagging Extension) to falsely report a slab-out-of-bounds error.
>
> The problem occurs when zeroing out spare memory in __do_krealloc. The
> original code only considered software-based KASAN and did not account
> for MTE. It does not reset the KASAN tag before calling memset, leading
> to a mismatch between the pointer tag and the memory tag, resulting
> in a false positive.
>
> [Fix]
>
> Oracular: not-affected
> Jammy: Clean cherry-pick from linux-5.15.y
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile tested.
>
> [Where problems could occur]
>
> This fix affects those who use slab allocator functions that are
> independent of the allocator strategy; an issue with this fix would be
> visible to the user via inaccurate slab-out-of-bounds errors.
>
> Qun-Wei Lin (1):
> mm: krealloc: Fix MTE false alarm in __do_krealloc
Acked-by: Philip Cox <philip.cox at canonical.com>
> mm/slab_common.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
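The quoted [Impact] section describes a tag mismatch: memset on the spare part of the object is issued through a pointer that still carries the object's KASAN tag, while the spare granules carry a different memory tag, so the hardware check reports an out-of-bounds store that is not real. The following user-space C model is an added example, not code from the patch, the thread or the kernel. It assumes a hypothetical 64-byte slab object, 16-byte granules, 8-bit tags stored in the pointer's top byte, a match-all tag of 0xFF, and hypothetical helper names (alloc_tagged, checked_memset, reset_tag, zero_spare); it only reproduces the mechanism the mail describes, not the actual mm/slab_common.c change.

```c
/* Added example (not code from the patch or the thread): a user-space model of
 * an MTE-style tag check on the spare-memory memset in __do_krealloc.  Every
 * name and size below is hypothetical; reset_tag() stands in for the kernel's
 * kasan_reset_tag(), and real MTE uses 4-bit tags rather than a full byte. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE        16    /* MTE tags memory in 16-byte granules */
#define OBJ_SIZE       64    /* hypothetical slab object size, "ks" in __do_krealloc */
#define NGRANULES      (OBJ_SIZE / GRANULE)
#define TAG_SHIFT      56    /* tag lives in the top byte of the pointer */
#define TAG_MATCH_ALL  0xFF  /* a pointer with this tag passes every check */
#define TAG_INVALID    0xFE  /* tag given to poisoned (not handed out) memory */

typedef uint64_t tagged_ptr;

static uint8_t obj[OBJ_SIZE];        /* the slab object's payload bytes */
static uint8_t mem_tag[NGRANULES];   /* one memory tag per granule */

static tagged_ptr make_ptr(size_t off, uint8_t tag) { return ((tagged_ptr)tag << TAG_SHIFT) | off; }
static uint8_t ptr_tag(tagged_ptr p) { return (uint8_t)(p >> TAG_SHIFT); }
static size_t ptr_off(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }

/* Model of kasan_reset_tag(): same address, match-all tag. */
static tagged_ptr reset_tag(tagged_ptr p) { return make_ptr(ptr_off(p), TAG_MATCH_ALL); }

/* Model of a tagged kmalloc(size): the granules covering [0, size) get the
 * pointer's tag, the spare tail of the object stays poisoned. */
static tagged_ptr alloc_tagged(size_t size, uint8_t tag) {
    size_t usable = (size + GRANULE - 1) / GRANULE;
    memset(obj, 0xAA, sizeof obj);                     /* constructed stale contents */
    for (size_t g = 0; g < NGRANULES; g++)
        mem_tag[g] = g < usable ? tag : TAG_INVALID;
    return make_ptr(0, tag);
}

/* Model of the hardware check on every tagged store: count granule-tag
 * mismatches (each would be a reported fault) and perform the store anyway. */
static int checked_memset(tagged_ptr p, int c, size_t n) {
    int faults = 0;
    for (size_t i = 0; i < n; i++) {
        size_t off = ptr_off(p) + i;
        if (ptr_tag(p) != TAG_MATCH_ALL && ptr_tag(p) != mem_tag[off / GRANULE])
            faults++;
        obj[off] = (uint8_t)c;
    }
    return faults;
}

/* The "ks >= new_size" path of __do_krealloc zeroing [new_size, ks).
 * reset == 0 models the reported bug, reset != 0 the tag reset the mail describes. */
static int zero_spare(tagged_ptr p, size_t new_size, int reset) {
    tagged_ptr base = reset ? reset_tag(p) : p;
    return checked_memset(base + new_size, 0, OBJ_SIZE - new_size);
}

/* Scenario: object allocated for 20 bytes (2 usable granules), then shrunk to
 * 8 bytes with __GFP_ZERO.  Returns the number of tag faults the memset hits. */
static int demo_faults(int reset) {
    tagged_ptr p = alloc_tagged(20, 0x3A);
    return zero_spare(p, 8, reset);
}

/* 1 if every spare byte [new_size, OBJ_SIZE) is zero after the last demo. */
static int spare_is_zeroed(size_t new_size) {
    for (size_t i = new_size; i < OBJ_SIZE; i++)
        if (obj[i] != 0)
            return 0;
    return 1;
}

int main(void) {
    printf("tagged pointer, no reset: %d tag faults (false positive)\n", demo_faults(0));
    printf("after reset_tag():        %d tag faults, spare zeroed: %s\n",
           demo_faults(1), spare_is_zeroed(8) ? "yes" : "no");
    return 0;
}
```

In the model the faults land on the two poisoned granules beyond the original 20-byte request, exactly the spare memory the buggy path zeroes through the still-tagged pointer; resetting the tag first makes the same store pass while still zeroing the bytes, which is the behaviour krealloc wants because the whole slab object belongs to it. When triaging a slab-out-of-bounds report from an MTE kernel, the distinguishing sign of this class of false alarm is an access at or past the requested size but inside the slab object's usable size, issued from allocator-internal code.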