CVE-2024-35846
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2].
The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with.
Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well.
[1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b5ba474f3f518701249598b35c581b92a3c95b48 < b0fdabc908a7f81d12382c87ca9e46a9c2e14042 | affected |
| Linux | Linux | b5ba474f3f518701249598b35c581b92a3c95b48 < 682886ec69d22363819a83ddddd5d66cb5c791e1 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.8.9 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042
- https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1
References
- https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042
- https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.