In the Linux kernel, the following vulnerability has been resolved:
mm: page_ref: remove folio_try_get_rcu()
The below bug was reported on a non-SMP kernel:
[ 275.267158][ T4335] ————[ cut here ]———— [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (a —truncated—
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 6.6 (including) | 6.6.42 (excluding) |
Linux_kernel | Linux | 6.7 (including) | 6.9.11 (excluding) |
Linux_kernel | Linux | 6.10-rc1 (including) | 6.10-rc1 (including) |
Linux_kernel | Linux | 6.10-rc2 (including) | 6.10-rc2 (including) |
Linux_kernel | Linux | 6.10-rc3 (including) | 6.10-rc3 (including) |
Linux_kernel | Linux | 6.10-rc4 (including) | 6.10-rc4 (including) |
Linux_kernel | Linux | 6.10-rc5 (including) | 6.10-rc5 (including) |
Linux_kernel | Linux | 6.10-rc6 (including) | 6.10-rc6 (including) |
Linux_kernel | Linux | 6.10-rc7 (including) | 6.10-rc7 (including) |
Linux | Ubuntu | noble | * |
Linux | Ubuntu | upstream | * |
Linux-allwinner-5.19 | Ubuntu | jammy | * |
Linux-allwinner-5.19 | Ubuntu | upstream | * |
Linux-aws | Ubuntu | noble | * |
Linux-aws | Ubuntu | upstream | * |
Linux-aws-5.0 | Ubuntu | bionic | * |
Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.0 | Ubuntu | upstream | * |
Linux-aws-5.11 | Ubuntu | focal | * |
Linux-aws-5.11 | Ubuntu | upstream | * |
Linux-aws-5.13 | Ubuntu | focal | * |
Linux-aws-5.13 | Ubuntu | upstream | * |
Linux-aws-5.15 | Ubuntu | upstream | * |
Linux-aws-5.19 | Ubuntu | jammy | * |
Linux-aws-5.19 | Ubuntu | upstream | * |
Linux-aws-5.3 | Ubuntu | bionic | * |
Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.3 | Ubuntu | upstream | * |
Linux-aws-5.4 | Ubuntu | upstream | * |
Linux-aws-5.8 | Ubuntu | focal | * |
Linux-aws-5.8 | Ubuntu | upstream | * |
Linux-aws-6.2 | Ubuntu | jammy | * |
Linux-aws-6.2 | Ubuntu | upstream | * |
Linux-aws-6.5 | Ubuntu | jammy | * |
Linux-aws-6.5 | Ubuntu | upstream | * |
Linux-aws-6.8 | Ubuntu | jammy | * |
Linux-aws-6.8 | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | trusty | * |
Linux-aws-fips | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | xenial | * |
Linux-aws-hwe | Ubuntu | upstream | * |
Linux-azure | Ubuntu | bionic | * |
Linux-azure | Ubuntu | esm-infra/bionic | * |
Linux-azure | Ubuntu | noble | * |
Linux-azure | Ubuntu | upstream | * |
Linux-azure-4.15 | Ubuntu | upstream | * |
Linux-azure-5.11 | Ubuntu | focal | * |
Linux-azure-5.11 | Ubuntu | upstream | * |
Linux-azure-5.13 | Ubuntu | focal | * |
Linux-azure-5.13 | Ubuntu | upstream | * |
Linux-azure-5.15 | Ubuntu | upstream | * |
Linux-azure-5.19 | Ubuntu | jammy | * |
Linux-azure-5.19 | Ubuntu | upstream | * |
Linux-azure-5.3 | Ubuntu | bionic | * |
Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-azure-5.3 | Ubuntu | upstream | * |
Linux-azure-5.4 | Ubuntu | upstream | * |
Linux-azure-5.8 | Ubuntu | focal | * |
Linux-azure-5.8 | Ubuntu | upstream | * |
Linux-azure-6.2 | Ubuntu | jammy | * |
Linux-azure-6.2 | Ubuntu | upstream | * |
Linux-azure-6.5 | Ubuntu | jammy | * |
Linux-azure-6.5 | Ubuntu | upstream | * |
Linux-azure-6.8 | Ubuntu | jammy | * |
Linux-azure-6.8 | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | bionic | * |
Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
Linux-azure-edge | Ubuntu | upstream | * |
Linux-azure-fde | Ubuntu | focal | * |
Linux-azure-fde | Ubuntu | upstream | * |
Linux-azure-fde-5.15 | Ubuntu | upstream | * |
Linux-azure-fde-5.19 | Ubuntu | jammy | * |
Linux-azure-fde-5.19 | Ubuntu | upstream | * |
Linux-azure-fde-6.2 | Ubuntu | jammy | * |
Linux-azure-fde-6.2 | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | trusty | * |
Linux-azure-fips | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | xenial | * |
Linux-bluefield | Ubuntu | upstream | * |
Linux-fips | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | bionic | * |
Linux-gcp | Ubuntu | esm-infra/bionic | * |
Linux-gcp | Ubuntu | noble | * |
Linux-gcp | Ubuntu | upstream | * |
Linux-gcp-4.15 | Ubuntu | upstream | * |
Linux-gcp-5.11 | Ubuntu | focal | * |
Linux-gcp-5.11 | Ubuntu | upstream | * |
Linux-gcp-5.13 | Ubuntu | focal | * |
Linux-gcp-5.13 | Ubuntu | upstream | * |
Linux-gcp-5.15 | Ubuntu | upstream | * |
Linux-gcp-5.19 | Ubuntu | jammy | * |
Linux-gcp-5.19 | Ubuntu | upstream | * |
Linux-gcp-5.3 | Ubuntu | bionic | * |
Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-gcp-5.3 | Ubuntu | upstream | * |
Linux-gcp-5.4 | Ubuntu | upstream | * |
Linux-gcp-5.8 | Ubuntu | focal | * |
Linux-gcp-5.8 | Ubuntu | upstream | * |
Linux-gcp-6.2 | Ubuntu | jammy | * |
Linux-gcp-6.2 | Ubuntu | upstream | * |
Linux-gcp-6.5 | Ubuntu | jammy | * |
Linux-gcp-6.5 | Ubuntu | upstream | * |
Linux-gcp-6.8 | Ubuntu | jammy | * |
Linux-gcp-6.8 | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | trusty | * |
Linux-gcp-fips | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | xenial | * |
Linux-gke | Ubuntu | focal | * |
Linux-gke | Ubuntu | noble | * |
Linux-gke | Ubuntu | upstream | * |
Linux-gke | Ubuntu | xenial | * |
Linux-gke-4.15 | Ubuntu | bionic | * |
Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
Linux-gke-4.15 | Ubuntu | upstream | * |
Linux-gke-5.15 | Ubuntu | focal | * |
Linux-gke-5.15 | Ubuntu | upstream | * |
Linux-gke-5.4 | Ubuntu | bionic | * |
Linux-gke-5.4 | Ubuntu | esm-infra/bionic | * |
Linux-gke-5.4 | Ubuntu | upstream | * |
Linux-gkeop | Ubuntu | noble | * |
Linux-gkeop | Ubuntu | upstream | * |
Linux-gkeop-5.15 | Ubuntu | upstream | * |
Linux-gkeop-5.4 | Ubuntu | bionic | * |
Linux-gkeop-5.4 | Ubuntu | esm-infra/bionic | * |
Linux-gkeop-5.4 | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | bionic | * |
Linux-hwe | Ubuntu | esm-infra/bionic | * |
Linux-hwe | Ubuntu | upstream | * |
Linux-hwe-5.11 | Ubuntu | focal | * |
Linux-hwe-5.11 | Ubuntu | upstream | * |
Linux-hwe-5.13 | Ubuntu | focal | * |
Linux-hwe-5.13 | Ubuntu | upstream | * |
Linux-hwe-5.15 | Ubuntu | upstream | * |
Linux-hwe-5.19 | Ubuntu | jammy | * |
Linux-hwe-5.19 | Ubuntu | upstream | * |
Linux-hwe-5.4 | Ubuntu | upstream | * |
Linux-hwe-5.8 | Ubuntu | focal | * |
Linux-hwe-5.8 | Ubuntu | upstream | * |
Linux-hwe-6.2 | Ubuntu | jammy | * |
Linux-hwe-6.2 | Ubuntu | upstream | * |
Linux-hwe-6.5 | Ubuntu | jammy | * |
Linux-hwe-6.5 | Ubuntu | upstream | * |
Linux-hwe-6.8 | Ubuntu | jammy | * |
Linux-hwe-6.8 | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
Linux-hwe-edge | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | xenial | * |
Linux-ibm | Ubuntu | noble | * |
Linux-ibm | Ubuntu | upstream | * |
Linux-ibm-5.15 | Ubuntu | upstream | * |
Linux-ibm-5.4 | Ubuntu | upstream | * |
Linux-intel | Ubuntu | upstream | * |
Linux-intel-5.13 | Ubuntu | focal | * |
Linux-intel-5.13 | Ubuntu | upstream | * |
Linux-intel-iot-realtime | Ubuntu | upstream | * |
Linux-intel-iotg | Ubuntu | upstream | * |
Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
Linux-iot | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | upstream | * |
Linux-lowlatency | Ubuntu | noble | * |
Linux-lowlatency | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.8 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
Linux-lts-xenial | Ubuntu | upstream | * |
Linux-nvidia | Ubuntu | noble | * |
Linux-nvidia | Ubuntu | upstream | * |
Linux-nvidia-6.2 | Ubuntu | jammy | * |
Linux-nvidia-6.2 | Ubuntu | upstream | * |
Linux-nvidia-6.5 | Ubuntu | upstream | * |
Linux-nvidia-6.8 | Ubuntu | jammy | * |
Linux-nvidia-6.8 | Ubuntu | upstream | * |
Linux-nvidia-lowlatency | Ubuntu | noble | * |
Linux-nvidia-lowlatency | Ubuntu | upstream | * |
Linux-oem | Ubuntu | bionic | * |
Linux-oem | Ubuntu | esm-infra/bionic | * |
Linux-oem | Ubuntu | upstream | * |
Linux-oem | Ubuntu | xenial | * |
Linux-oem-5.10 | Ubuntu | focal | * |
Linux-oem-5.10 | Ubuntu | upstream | * |
Linux-oem-5.13 | Ubuntu | focal | * |
Linux-oem-5.13 | Ubuntu | upstream | * |
Linux-oem-5.14 | Ubuntu | focal | * |
Linux-oem-5.14 | Ubuntu | upstream | * |
Linux-oem-5.17 | Ubuntu | jammy | * |
Linux-oem-5.17 | Ubuntu | upstream | * |
Linux-oem-5.6 | Ubuntu | focal | * |
Linux-oem-5.6 | Ubuntu | upstream | * |
Linux-oem-6.0 | Ubuntu | jammy | * |
Linux-oem-6.0 | Ubuntu | upstream | * |
Linux-oem-6.1 | Ubuntu | jammy | * |
Linux-oem-6.1 | Ubuntu | upstream | * |
Linux-oem-6.11 | Ubuntu | upstream | * |
Linux-oem-6.5 | Ubuntu | jammy | * |
Linux-oem-6.5 | Ubuntu | upstream | * |
Linux-oem-6.8 | Ubuntu | noble | * |
Linux-oem-6.8 | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | noble | * |
Linux-oracle | Ubuntu | upstream | * |
Linux-oracle-5.0 | Ubuntu | bionic | * |
Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.0 | Ubuntu | upstream | * |
Linux-oracle-5.11 | Ubuntu | focal | * |
Linux-oracle-5.11 | Ubuntu | upstream | * |
Linux-oracle-5.13 | Ubuntu | focal | * |
Linux-oracle-5.13 | Ubuntu | upstream | * |
Linux-oracle-5.15 | Ubuntu | upstream | * |
Linux-oracle-5.3 | Ubuntu | bionic | * |
Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.3 | Ubuntu | upstream | * |
Linux-oracle-5.4 | Ubuntu | upstream | * |
Linux-oracle-5.8 | Ubuntu | focal | * |
Linux-oracle-5.8 | Ubuntu | upstream | * |
Linux-oracle-6.5 | Ubuntu | jammy | * |
Linux-oracle-6.5 | Ubuntu | upstream | * |
Linux-oracle-6.8 | Ubuntu | jammy | * |
Linux-oracle-6.8 | Ubuntu | upstream | * |
Linux-raspi | Ubuntu | noble | * |
Linux-raspi | Ubuntu | upstream | * |
Linux-raspi-5.4 | Ubuntu | upstream | * |
Linux-raspi-realtime | Ubuntu | realtime/noble | * |
Linux-raspi-realtime | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | bionic | * |
Linux-raspi2 | Ubuntu | focal | * |
Linux-raspi2 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | xenial | * |
Linux-realtime | Ubuntu | jammy | * |
Linux-realtime | Ubuntu | realtime/noble | * |
Linux-realtime | Ubuntu | upstream | * |
Linux-riscv | Ubuntu | focal | * |
Linux-riscv | Ubuntu | jammy | * |
Linux-riscv | Ubuntu | noble | * |
Linux-riscv | Ubuntu | upstream | * |
Linux-riscv-5.11 | Ubuntu | focal | * |
Linux-riscv-5.11 | Ubuntu | upstream | * |
Linux-riscv-5.15 | Ubuntu | upstream | * |
Linux-riscv-5.19 | Ubuntu | jammy | * |
Linux-riscv-5.19 | Ubuntu | upstream | * |
Linux-riscv-5.8 | Ubuntu | focal | * |
Linux-riscv-5.8 | Ubuntu | upstream | * |
Linux-riscv-6.5 | Ubuntu | jammy | * |
Linux-riscv-6.5 | Ubuntu | upstream | * |
Linux-riscv-6.8 | Ubuntu | jammy | * |
Linux-riscv-6.8 | Ubuntu | upstream | * |
Linux-starfive-5.19 | Ubuntu | jammy | * |
Linux-starfive-5.19 | Ubuntu | upstream | * |
Linux-starfive-6.2 | Ubuntu | jammy | * |
Linux-starfive-6.2 | Ubuntu | upstream | * |
Linux-starfive-6.5 | Ubuntu | jammy | * |
Linux-starfive-6.5 | Ubuntu | upstream | * |
Linux-xilinx-zynqmp | Ubuntu | upstream | * |
While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service. For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.