A vulnerability (CVE-2024-56718) has been resolved in the Linux kernel, specifically in the net/smc (Shared Memory Communication) area. This vulnerability could cause a crash in the kernel due to improper handling of link down work after the LGR (Link Group) is freed. In this post, we'll explain the nature of this vulnerability, provide a code snippet illustrating the issue, and share links to original references for more details.

Exploit Details

The problem arises when the link down work is scheduled before the LGR is freed but executes after the LGR has been freed. The work then touches memory that no longer belongs to the LGR, an invalid memory access that crashes the kernel. To prevent this, a reference on the LGR must be held before the link down work is scheduled and released only after the work has executed or been canceled.

Here is a crash call stack that demonstrates this vulnerability:

 list_del corruption. prev->next should be ffffb638c9cfe20,
    but was 000000000000000
 ------------[ cut here ]------------
 kernel BUG at lib/list_debug.c:51!
 invalid opcode: 0000 [#1] SMP NOPTI
 CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1
 Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014
 Workqueue: events smc_link_down_work [smc]
 RIP: 0010:__list_del_entry_valid.cold+0x31/0x47
 RSP: 0018:ffffb638c9cfdd8 EFLAGS: 00010086

To resolve this issue, the developers added code that takes a reference on the LGR before scheduling the link down work and drops that reference once the work has finished executing or has been canceled.
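As an added illustration (not the kernel's code and not the patch itself), the following userspace C model shows the hold-before-schedule, put-after-run-or-cancel pattern described above; smc_lgr_hold, smc_lgr_put and the other helper names are assumed stand-ins for the kernel helpers, and the work queue is a stub that mimics the return values of schedule_work() and cancel_work_sync().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model of the fix's pattern (not the kernel's code): a refcounted
 * link group, its link-down work item, and a tiny queue standing in for the
 * kernel workqueue. Helper names mirror the kernel's but are assumed here. */
struct lgr;
struct work { void (*fn)(struct lgr *); struct lgr *lgr; };
struct lgr { atomic_int refcnt; struct work link_down_wrk; };
static int lgrs_freed; /* observed by tests instead of touching freed memory */
static struct work *queue[8]; static int qlen;
static void smc_lgr_hold(struct lgr *lgr) { atomic_fetch_add(&lgr->refcnt, 1); }
static void smc_lgr_put(struct lgr *lgr) {
	if (atomic_fetch_sub(&lgr->refcnt, 1) == 1) { free(lgr); lgrs_freed++; }
}
static int queued_at(struct work *w) {
	for (int i = 0; i < qlen; i++) if (queue[i] == w) return i;
	return -1;
}
static bool schedule_work(struct work *w) { /* false if already queued */
	if (queued_at(w) >= 0) return false;
	queue[qlen++] = w; return true;
}
static bool cancel_work_sync(struct work *w) { /* true if it was still pending */
	int i = queued_at(w);
	if (i < 0) return false; queue[i] = queue[--qlen]; return true;
}
static void run_pending_work(void) {
	while (qlen) { struct work *w = queue[--qlen]; w->fn(w->lgr); }
}
static void smc_link_down_work(struct lgr *lgr) { /* teardown would dereference lgr here */
	smc_lgr_put(lgr); /* release the reference taken when the work was scheduled */
}
/* Before the fix: nothing keeps lgr alive while the work waits in the queue. */
static void link_down_sched_unfixed(struct lgr *lgr) { schedule_work(&lgr->link_down_wrk); }
/* After the fix: hold before scheduling; undo the hold if it was already queued. */
static void link_down_sched_fixed(struct lgr *lgr) {
	smc_lgr_hold(lgr);
	if (!schedule_work(&lgr->link_down_wrk)) smc_lgr_put(lgr);
}
/* Teardown: a cancelled, never-run work item must give back its reference. */
static void lgr_teardown(struct lgr *lgr) {
	if (cancel_work_sync(&lgr->link_down_wrk)) smc_lgr_put(lgr);
	smc_lgr_put(lgr); /* the owner's own reference */
}
static struct lgr *lgr_alloc(void) {
	struct lgr *lgr = calloc(1, sizeof *lgr);
	atomic_init(&lgr->refcnt, 1); lgr->link_down_wrk = (struct work){ smc_link_down_work, lgr };
	return lgr;
}
```

With the fix, the owner dropping its reference while the work is still queued no longer frees the LGR; the work's own put (or the cancel path in teardown) does, so the work never runs against freed memory.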

Original references discussing this vulnerability and its fix can be found at the Linux kernel mailing list:

1. Linux Kernel Mailing List - Net: SMC: add reference count to protect link down work from executing after LGR freed

2. GIT Commit - Fix for the vulnerability in the Linux kernel GIT repository

Conclusion

The Linux kernel vulnerability CVE-2024-56718 in the net/smc area has been resolved by holding a reference on the LGR for as long as link down work is pending, so the work can no longer run after the LGR is freed. This fix prevents kernel crashes caused by invalid memory access. As a user, it is essential to keep your systems up to date with the latest security patches and to follow ongoing developments in the Linux kernel community.

Timeline

Published on: 12/29/2024 09:15:07 UTC
Last modified on: 01/20/2025 06:26:48 UTC