CVE-2024-41065: powerpc/pseries: Whitelist dtl slub object for copying to userspace

Published Jul 29, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Whitelist dtl slub object for copying to userspace

Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG() when the config CONFIGHARDENEDUSERCOPY is enabled as shown below.

kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGESIZE=64K MMU=Radix SMP NRCPUS=2048 NUMA pSeries Modules linked in: xfs libcrc32c dmservicetime sdmod t10pi sg ibmvfc scsitransportfc ibmveth pserieswdt dmmultipath dmmirror dmregionhash dmlog dmmod fuse CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85 Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060042) hv:phyp pSeries NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8 REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3) MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2828220f XER: 0000000e CFAR: c0000000001fdc80 IRQMASK: 0 [ ... GPRs omitted ... ] NIP [c0000000005d23d4] usercopyabort+0x78/0xb0 LR [c0000000005d23d0] usercopyabort+0x74/0xb0 Call Trace: usercopyabort+0x74/0xb0 (unreliable) checkheapobject+0xf8/0x120 checkheapobject+0x218/0x240 checkobjectsize+0x84/0x1a4 dtlfileread+0x17c/0x2c4 fullproxyread+0x8c/0x110 vfsread+0xdc/0x3a0 ksysread+0x84/0x144 systemcallexception+0x124/0x330 systemcallvectoredcommon+0x15c/0x2ec --- interrupt: 3000 at 0x7fff81f3ab34

Commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0") requires that only whitelisted areas in slab/slub objects can be copied to userspace when usercopy hardening is enabled using CONFIGHARDENEDUSERCOPY. Dtl contains hypervisor dispatch events which are expected to be read by privileged users. Hence mark this safe for user access. Specify useroffset=0 and usersize=DISPATCHLOGBYTES to whitelist the entire object.

Other sources

Linux Kernel is vulnerable to a denial of service, caused by a flaw in Powerpc/Pseries. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

25 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
redhat/kernel<5.4.281
5.4.281
redhat/kernel<5.10.223
5.10.223
redhat/kernel<5.15.164
5.15.164
redhat/kernel<6.1.101
6.1.101
redhat/kernel<6.6.42
6.6.42
redhat/kernel<6.9.11
6.9.11
redhat/kernel<6.10
6.10
Linux Linux kernel<5.4.281
Linux Linux kernel>=5.5<5.10.223
Linux Linux kernel>=5.11<5.15.164
Linux Linux kernel>=5.16<6.1.101
Linux Linux kernel>=6.2<6.6.42
Linux Linux kernel>=6.7<6.9.11
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
Linux Linux kernel=6.10-rc4
Linux Linux kernel=6.10-rc5
Linux Linux kernel=6.10-rc6

Remediation

Patch Available

https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4

Patch Available

https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586

Patch Available

https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2

Patch Available

https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd

Patch Available

https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6

Patch Available

https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a

Patch Available

https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f

Event History

Jul 29, 2024
CVE Published
via MITRE·02:57 PM
Data Sourced
via MITRE·02:57 PM
Description
Data Sourced
via NVD·03:15 PM
Description
Data Sourced
via NVD·03:15 PM
RemedySeverityAffected Software
Data Sourced
via Red Hat·03:43 PM
DescriptionSeverityAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·12:31 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-41065?

CVE-2024-41065 has a severity rating of medium, indicating a moderate impact on system security.

2

How do I fix CVE-2024-41065?

To fix CVE-2024-41065, update the Linux kernel to versions 5.4.281, 5.10.223, 5.15.164, 6.1.101, 6.6.42, 6.9.11, or 6.10, according to the source and package used.

3

What systems are affected by CVE-2024-41065?

CVE-2024-41065 affects various versions of the Linux kernel across different distributions including Red Hat and Debian.

4

Can CVE-2024-41065 lead to system crashes?

Yes, exploiting CVE-2024-41065 can lead to system instability and may cause crashes when triggering a BUG() in the dispatch trace log.

5

Is CVE-2024-41065 related to user copy functions?

Yes, CVE-2024-41065 is related to hardened user copy functions in the Linux kernel, specifically affecting the handling of slub objects.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203