CVE-2023-54194
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree
The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmalloc_array due to system memory fragmentation, while the u-disk was inserted without recognition. Devices such as u-disk using the exfat file system are pluggable and may be insert into the system at any time. However, long-term running systems cannot guarantee the continuity of physical memory. Therefore, it's necessary to address this issue.
Binder:2632_6: page allocation failure: order:4, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) Call trace: [242178.097582] dump_backtrace+0x0/0x4 [242178.097589] dump_stack+0xf4/0x134 [242178.097598] warn_alloc+0xd8/0x144 [242178.097603] __alloc_pages_nodemask+0x1364/0x1384 [242178.097608] kmalloc_order+0x2c/0x510 [242178.097612] kmalloc_order_trace+0x40/0x16c [242178.097618] __kmalloc+0x360/0x408 [242178.097624] load_alloc_bitmap+0x160/0x284 [242178.097628] exfat_fill_super+0xa3c/0xe7c [242178.097635] mount_bdev+0x2e8/0x3a0 [242178.097638] exfat_fs_mount+0x40/0x50 [242178.097643] mount_fs+0x138/0x2e8 [242178.097649] vfs_kern_mount+0x90/0x270 [242178.097655] do_mount+0x798/0x173c [242178.097659] ksys_mount+0x114/0x1ac [242178.097665] __arm64_sys_mount+0x24/0x34 [242178.097671] el0_svc_common+0xb8/0x1b8 [242178.097676] el0_svc_handler+0x74/0x90 [242178.097681] el0_svc+0x8/0x340
By analyzing the exfat code,we found that continuous physical memory is not required here,so kvmalloc_array is used can solve this problem.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1e49a94cf707204b66a3fb242f2814712c941f52 < 79d16a84ea41272dfcb0c00f9798ddd0edd8098d | affected |
| Linux | Linux | 1e49a94cf707204b66a3fb242f2814712c941f52 < 8a34a242cf03211cc89f68308d149b793f63c479 | affected |
| Linux | Linux | 1e49a94cf707204b66a3fb242f2814712c941f52 < 1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0 | affected |
| Linux | Linux | 1e49a94cf707204b66a3fb242f2814712c941f52 < 0c5c3e8a2550b6b2a304b45f260296db9c09df96 | affected |
| Linux | Linux | 1e49a94cf707204b66a3fb242f2814712c941f52 < daf60d6cca26e50d65dac374db92e58de745ad26 | affected |
| Linux | Linux | 5.7 | affected |
| Linux | Linux | 0 < 5.7 | unaffected |
| Linux | Linux | 5.10.190 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.126 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.45 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.10 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/79d16a84ea41272dfcb0c00f9798ddd0edd8098d
- https://git.kernel.org/stable/c/8a34a242cf03211cc89f68308d149b793f63c479
- https://git.kernel.org/stable/c/1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0
- https://git.kernel.org/stable/c/0c5c3e8a2550b6b2a304b45f260296db9c09df96
- https://git.kernel.org/stable/c/daf60d6cca26e50d65dac374db92e58de745ad26
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.