In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
The perf tool allows users to create event groups through following
cmd [1], but the driver does not check whether the array index is out of
bounds when writing data to the event_group array. If the number of events
in an event_group is greater than HISI_PCIE_MAX_COUNTERS, the memory write
overflow of event_group array occurs.
Add array index check to fix the possible array out of bounds violation,
and return directly when write new events are written to array bounds.
There are 9 different events in an event_group.
[1] perf stat -e '{pmu/event1/, ... ,pmu/event9/}'
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-129 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-06-19T13:35:35.588Z
Updated: 2024-12-19T09:04:44.462Z
Reserved: 2024-06-18T19:36:34.923Z
Link: CVE-2024-38569
Vulnrichment
Updated: 2024-08-02T04:12:26.114Z
NVD
Status : Modified
Published: 2024-06-19T14:15:17.060
Modified: 2024-11-21T09:26:22.310
Link: CVE-2024-38569
Redhat