CVE-2024-53172

MEDIUM EPSS 15.3%
Published Dec 27, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already exists WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107 __kmem_cache_create_args+0x100/0x5f0 Modules linked in: ubi(+) nandsim [last unloaded: nandsim] CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0 Call Trace: __kmem_cache_create_args+0x100/0x5f0 alloc_ai+0x295/0x3f0 [ubi] ubi_attach+0x3c3/0xcc0 [ubi] ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi] ubi_init+0x3fb/0x800 [ubi] do_init_module+0x265/0x7d0 __x64_sys_finit_module+0x7a/0xc0 The problem could be easily reproduced by loading UBI device by fastmap with CONFIG_DEBUG_VM=y. Fix it by using different slab names for alloc_ai() callers.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥4.1  –  <4.19.325
linuxlinux_kernel*≥4.20  –  <5.4.287
linuxlinux_kernel*≥5.5  –  <5.10.231
linuxlinux_kernel*≥5.11  –  <5.15.174
linuxlinux_kernel*≥5.16  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.64
linuxlinux_kernel*≥6.7  –  <6.11.11
linuxlinux_kernel*≥6.12  –  <6.12.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/04c0b0f37617099479c34e207c5550d081f585a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d8558135cd56a2a8052024be4073e160f36658c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/612824dd0c9465ef365ace38b056c663d110956d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6afdcb285794e75d2c8995e3a44f523c176cc2de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7402c4bcb8a3f0d2ef4e687cd45c76be489cf509
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/871c148f8e0c32e505df9393ba4a303c3c3fe988
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1ee0aa4945c49cbbd779da81040fcec4de80fd1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcddf52b7a17adcebc768d26f4e27cf79adb424c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef52b7191ac41e68b1bf070d00c5b04ed16e4920
    Patch