CVE-2024-57930

MEDIUM EPSS 9.8%
Published Jan 21, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 21, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s", __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the "%s" references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
9.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.1.122  –  <6.1.124
linuxlinux_kernel*≥6.6.68  –  <6.6.70
linuxlinux_kernel*≥6.12.7  –  <6.12.9
linuxlinux_kernel6.13any
linuxlinux_kernel6.13any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3bcdc9039a6e9e6e47ed689a37b8d57894a3c571
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/631b1e09e213c86d5a4ce23d45c81af473bb0ac7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92bd18c74624e5eb9f96e70076aa46293f4b626f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afc6717628f959941d7b33728570568b4af1c4b8
    Patch