A recent vulnerability (CVE-2024-56566) in the Linux kernel has been resolved. The issue involves the memory management subsystem, specifically the Slab Allocator (mm/slub). This vulnerability could have led to list corruption and potentially severe consequences for system stability. The fix avoids list corruption by correctly handling the removal of a slab from the full list. This blog post provides a brief introduction to the vulnerability, a kernel log excerpt illustrating the problem, and the essential exploit details, along with links to the original references.
Details
The Linux kernel's Slab Allocator (mm/slub) is responsible for efficiently managing kernel objects in memory. A recent vulnerability report demonstrated that list corruption could occur when removing a slab from the full list. Booting a system with slub_debug=UFPZ exposed this vulnerability.
In this particular case, when an object failed alloc_consistency_checks during allocation, all objects in the slab would be marked as used, and the slab would be removed from the partial list. However, should an object belonging to that slab be freed later, the remove_full() function would be called on a slab that was no longer on any list, which would eventually lead to list corruption (indicated by a list poison being detected).
The fix for this vulnerability involves marking and isolating the slab page with metadata corruption. This prevents the page from being put back into circulation, thus avoiding list corruption.
Here is the kernel log output that demonstrates the problem:
[ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100)
[ 4277.387023] ------------[ cut here ]------------
[ 4277.387880] kernel BUG at lib/list_debug.c:56!
...
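The sequence behind that log line, as an added user-space model in C (not kernel code and not taken from the patch): a slab is unlinked once when the allocation check fails, then unlinked again on a later free, and the second unlink finds poisoned pointers. The `isolated` flag, the function names and the short poison constants are assumptions made for illustration.

```c
#include <stdio.h>

/* Constructed user-space model; all names are illustrative, not kernel code. */
#define POISON1 ((struct node *)0x100)  /* stands in for LIST_POISON1 */
#define POISON2 ((struct node *)0x122)

struct node { struct node *next, *prev; };
struct slab { struct node link; int isolated; /* hypothetical flag */ };

static void list_add(struct node *n, struct node *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* Checked unlink: 0 on success, -1 where a debug kernel would BUG(). */
static int list_del_checked(struct node *n) {
    if (n->next == POISON1 || n->prev == POISON2)
        return -1;
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->next = POISON1; n->prev = POISON2;
    return 0;
}

/* Allocation-time check failed: slab leaves the partial list. */
static int alloc_check_failed(struct slab *s, int with_fix) {
    if (with_fix) s->isolated = 1;   /* mark the slab as out of circulation */
    return list_del_checked(&s->link);
}

/* A later free of an object in that slab (models the remove_full() call). */
static int free_object(struct slab *s) {
    if (s->isolated) return 0;       /* not on any list, so nothing to unlink */
    return list_del_checked(&s->link);
}

/* Runs the whole sequence and returns the result of the free path. */
int simulate(int with_fix) {
    struct node partial = { &partial, &partial };
    struct slab s = { { NULL, NULL }, 0 };
    list_add(&s.link, &partial);
    if (alloc_check_failed(&s, with_fix) != 0) return -2;
    return free_object(&s);
}

int main(void) {
    printf("unfixed: %d, fixed: %d\n", simulate(0), simulate(1));
    return 0;
}
```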
Exploit Details
- Affected Component: Linux Kernel (mm/slub)
Links to Original References
- Linux Kernel Mailing List - mm/slub: Avoid list corruption when removing a slab from the full list
- Patch for the Linux kernel
Conclusion
The vulnerability affecting the Linux kernel's Slab Allocator has been resolved, and users should update their systems to the latest stable kernel version to ensure they are protected against potential exploits. System administrators should also be aware that booting with the slub_debug=UFPZ option, as in the report described above, could expose any existing vulnerabilities in the mm/slub subsystem. Stay vigilant and keep your systems up-to-date!
Timeline
Published on: 12/27/2024 15:15:15 UTC
Last modified on: 01/20/2025 06:23:12 UTC