A recent vulnerability, identified as CVE-2024-53172, has been discovered and resolved in the Linux kernel. The issue stems from duplicate slab cache names encountered during the UBI fast attaching process. In this post, we outline the details of this vulnerability, show the kernel warning it triggers, and reference the original commits that address the problem.
Vulnerability Details
Since commit [4c39529663b9]("slab: Warn on duplicate cache names when DEBUG_VM=y"), the Linux kernel detects duplicate slab cache names and emits a kernel WARNING when it finds one.
The problem occurs during the UBI fast attaching process, where alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache'. This triggers the following warning messages:
kmem_cache of name 'ubi_aeb_slab_cache' already exists
WARNING: CPU: PID: 7519 at mm/slab_common.c:107
__kmem_cache_create_args+x100/x5f
Modules linked in: ubi(+) nandsim [last unloaded: nandsim]
CPU: UID: PID: 7519 Comm: modprobe Tainted: G 6.12.-rc2
RIP: 001:__kmem_cache_create_args+x100/x5f
Call Trace:
__kmem_cache_create_args+x100/x5f
alloc_ai+x295/x3f [ubi]
ubi_attach+x3c3/xcc [ubi]
ubi_attach_mtd_dev+x17cf/x3fa [ubi]
ubi_init+x3fb/x800 [ubi]
do_init_module+x265/x7d
__x64_sys_finit_module+x7a/xc
This problem can be easily reproduced by loading a UBI device using fastmap on a kernel built with CONFIG_DEBUG_VM=y.
Code Fix
The vulnerability is resolved by using a different slab cache name for each alloc_ai() caller. The code fix is in the following commit: [4c39529663b9]("ubi: fastmap: Fix duplicate slab cache names while attaching").
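The following userspace model is an added example, not the kernel's or the UBI driver's own code. It shows why two alloc_ai() calls with one hard-coded name trip the duplicate-name check, and why per-caller names avoid it. The registry functions, the second cache name and the assumption that both attach-info objects are alive at the same time are illustrative.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CACHES 8

/* Userspace model of the list of live slab caches (not kernel code). */
static const char *live[MAX_CACHES];
static int warnings;

/* Models the duplicate-name check: warn if a live cache already has this
 * name, then register the new cache anyway and return its slot. */
static int cache_create(const char *name)
{
    int slot = -1;
    for (int i = 0; i < MAX_CACHES; i++) {
        if (live[i] && strcmp(live[i], name) == 0) {
            warnings++;
            fprintf(stderr, "kmem_cache of name '%s' already exists\n", name);
        } else if (!live[i] && slot < 0) {
            slot = i;
        }
    }
    if (slot >= 0)
        live[slot] = name;
    return slot;
}

static void cache_destroy(int slot) { if (slot >= 0) live[slot] = NULL; }

/* Before the fix: one hard-coded name shared by every caller. */
static int alloc_ai_before(void) { return cache_create("ubi_aeb_slab_cache"); }
/* After the fix: each caller passes its own name. */
static int alloc_ai_after(const char *slab_name) { return cache_create(slab_name); }

/* Model assumption: fast attach keeps two attach-info objects alive at once.
 * Returns the number of duplicate-name warnings raised. */
static int fast_attach(int fixed)
{
    warnings = 0;
    int ai = fixed ? alloc_ai_after("ubi_aeb_slab_cache") : alloc_ai_before();
    int scan_ai = fixed ? alloc_ai_after("ubi_aeb_slab_cache_scan") /* illustrative name */
                        : alloc_ai_before();
    cache_destroy(scan_ai);
    cache_destroy(ai);
    return warnings;
}

int main(void)
{
    printf("before fix: %d warning(s)\n", fast_attach(0));
    printf("after fix:  %d warning(s)\n", fast_attach(1));
    return 0;
}
```

In this model, reusing a name after the earlier cache has been destroyed raises no warning; only caches that are live at the same time collide.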
Conclusion
CVE-2024-53172 is an important vulnerability that has now been resolved in the Linux kernel. It is crucial for developers and system administrators to keep their systems up-to-date and apply the appropriate patches to ensure their environment remains secure.
For more information on this vulnerability and the corresponding fix, refer to the original commit [4c39529663b9]("slab: Warn on duplicate cache names when DEBUG_VM=y") and the following commit that demonstrates the fix: [4c39529663b9]("ubi: fastmap: Fix duplicate slab cache names while attaching").
Timeline
Published on: 12/27/2024 14:15:24 UTC
Last modified on: 01/20/2025 06:20:28 UTC