In the Linux kernel, a vulnerability related to s390/zcrypt has been resolved. This post discusses the vulnerability, how it shows up, and where it is fixed. The vulnerability affects the reference counting on zcrypt card objects.
Exploit Details
While hot-plugging crypto cards on KVM guests running a debug kernel build, a use after free was found on the load field of struct zcrypt_card. The cause was incorrect reference handling of the zcrypt card objects, which could lead to a zcrypt card object being freed while still in use.
The issue is demonstrated in the slab message below:
---code snippet taken from the original slab message---
The fix corrects the reference counting on zcrypt card objects, which removes the use after free and ensures the Linux kernel functions properly when hot-plugging crypto cards on KVM guests.
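The following user-space model is an added example, not code from the kernel or from the original post. It shows how a request that touches a card's load field without holding a reference writes into a freed object when the card is unplugged, and how pinning the card for the lifetime of the request avoids that. The names struct card, pick, drop, hold_ref and the weight 10 are hypothetical; 0x6b is the poison byte Linux slab debugging writes into freed objects.

```c
/* User-space model; constructed for illustration, not kernel code. */
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* byte Linux slab debugging writes into freed objects */
struct card { int refcount; int load; };  /* hypothetical stand-in for the card object */

/* One static "slab object", so the stale write below stays well-defined C. */
static union { struct card c; unsigned char raw[sizeof(struct card)]; } slot;
static int slot_freed;

static void card_put(struct card *c) {
    if (--c->refcount == 0) {  /* last reference gone: release and poison */
        memset(slot.raw, POISON_FREE, sizeof(slot.raw));
        slot_freed = 1;
    }
}

/* Request start: account load; pin the card only when hold_ref is set. */
static void pick(struct card *c, int weight, int hold_ref) {
    if (hold_ref) c->refcount++;
    c->load += weight;
}

/* Request end: undo the accounting, then drop the pin taken in pick(). */
static void drop(struct card *c, int weight, int hold_ref) {
    c->load -= weight;  /* hits freed memory if nothing pinned the card */
    if (hold_ref) card_put(c);
}

/* Hot-unplug with a request in flight. Returns 1 if the freed object was
 * modified, the condition a slab poison check reports. */
static int unplug_during_request(int hold_ref) {
    struct card *c = &slot.c;
    memset(&slot, 0, sizeof(slot));
    slot_freed = 0;
    c->refcount = 1;       /* reference held by the device registration */
    pick(c, 10, hold_ref);
    card_put(c);           /* unplug drops the registration reference */
    drop(c, 10, hold_ref);
    for (size_t i = 0; slot_freed && i < sizeof(slot.raw); i++)
        if (slot.raw[i] != POISON_FREE) return 1;
    return 0;
}

int main(void) {
    printf("unpinned: %d\n", unplug_during_request(0));
    printf("pinned:   %d\n", unplug_during_request(1));
    return 0;
}
```
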
Code Snippet
The patch for this vulnerability changes the source code in various files to avoid the use after free when hot-plugging crypto cards on KVM guests. The code changes can be found in the original Linux kernel repository or on the patch mailing lists.
The exact changes in the Linux kernel source code can be seen in the original references, linked below:
- Original reference for zcrypt_card reference counting fix
- Linux kernel commit resolving this issue
Applying the changes from the original references enhances the Linux kernel's security by ensuring proper reference counting on zcrypt card objects, which prevents exploitation of the related use-after-free vulnerability.
In conclusion, CVE-2024-26957 is a vulnerability in the Linux kernel that affects s390/zcrypt card objects' reference counting. By applying the available patch, users can safeguard their systems against potential attacks trying to exploit this issue.
Timeline
Published on: 05/01/2024 06:15:11 UTC
Last modified on: 12/19/2024 08:51:11 UTC