NULL Pointer Dereference Affecting python3-perf package, versions <0:4.18.0-553.16.1.el8_10
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ROCKY8-PYTHON3PERF-7785345
- published 22 Aug 2024
- disclosed 21 Jun 2024
Introduced: 21 Jun 2024
CVE-2024-36489 Open this link in a new tabHow to fix?
Upgrade Rocky-Linux:8
python3-perf
to version 0:4.18.0-553.16.1.el8_10 or higher.
This issue was patched in RLSA-2024:5101
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream python3-perf
package and not the python3-perf
package as distributed by Rocky-Linux
.
See How to fix?
for Rocky-Linux:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
tls: fix missing memory barrier in tls_init
In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}.
CPU0 CPU1
// In tls_init() // In tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1)
// In update_sk_prot() WRITE_ONCE(sk->sk_prot, tls_prots) -(2)
// In sock_common_setsockopt()
READ_ONCE(sk->sk_prot)->setsockopt()
// In tls_{setsockopt,getsockopt}()
ctx-&gt;sk_proto-&gt;setsockopt() -(3)
In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference.
To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto are visible when changing sk->sk_prot.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489
- https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b
- https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b
- https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302
- https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c
- https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071
- https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b