CVE-2023-54194

Summary

In the Linux kernel, the following vulnerability has been resolved:

exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree

The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmalloc_array due to system memory fragmentation, while the u-disk was inserted without recognition. Devices such as u-disk using the exfat file system are pluggable and may be insert into the system at any time. However, long-term running systems cannot guarantee the continuity of physical memory. Therefore, it's necessary to address this issue.

Binder:2632_6: page allocation failure: order:4, mode:0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) Call trace: [242178.097582] dump_backtrace+0x0/0x4 [242178.097589] dump_stack+0xf4/0x134 [242178.097598] warn_alloc+0xd8/0x144 [242178.097603] __alloc_pages_nodemask+0x1364/0x1384 [242178.097608] kmalloc_order+0x2c/0x510 [242178.097612] kmalloc_order_trace+0x40/0x16c [242178.097618] __kmalloc+0x360/0x408 [242178.097624] load_alloc_bitmap+0x160/0x284 [242178.097628] exfat_fill_super+0xa3c/0xe7c [242178.097635] mount_bdev+0x2e8/0x3a0 [242178.097638] exfat_fs_mount+0x40/0x50 [242178.097643] mount_fs+0x138/0x2e8 [242178.097649] vfs_kern_mount+0x90/0x270 [242178.097655] do_mount+0x798/0x173c [242178.097659] ksys_mount+0x114/0x1ac [242178.097665] __arm64_sys_mount+0x24/0x34 [242178.097671] el0_svc_common+0xb8/0x1b8 [242178.097676] el0_svc_handler+0x74/0x90 [242178.097681] el0_svc+0x8/0x340

By analyzing the exfat code,we found that continuous physical memory is not required here,so kvmalloc_array is used can solve this problem.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1e49a94cf707204b66a3fb242f2814712c941f52 < 79d16a84ea41272dfcb0c00f9798ddd0edd8098daffected
LinuxLinux1e49a94cf707204b66a3fb242f2814712c941f52 < 8a34a242cf03211cc89f68308d149b793f63c479affected
LinuxLinux1e49a94cf707204b66a3fb242f2814712c941f52 < 1427a7e96fb90d0896f74f5bcd21feb03cc7c3d0affected
LinuxLinux1e49a94cf707204b66a3fb242f2814712c941f52 < 0c5c3e8a2550b6b2a304b45f260296db9c09df96affected
LinuxLinux1e49a94cf707204b66a3fb242f2814712c941f52 < daf60d6cca26e50d65dac374db92e58de745ad26affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.190 <= 5.10.*unaffected
LinuxLinux5.15.126 <= 5.15.*unaffected
LinuxLinux6.1.45 <= 6.1.*unaffected
LinuxLinux6.4.10 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References