CVE-2024-58085 (GCVE-0-2024-58085)
Vulnerability from cvelistv5
Published
2025-03-06 16:22
Modified
2025-05-04 10:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a valid line should be always shorter than 32KB where the "too small to fail" memory-allocation rule applies. One might try to write a valid line that is longer than 32KB, but such request will likely fail with -ENOMEM. Therefore, I feel that separately returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant. There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.
References
Impacted products
Vendor Product Version
Linux Linux Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/tomoyo/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c67efabddc73171c7771d3ffe4ffa1e503ee533e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f6b37b3e12de638753bce79a2858070b9c4a4ad3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fe1c021eb03dae0dc9dce55e81f77a60e419a27a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c9382f380e8d09209b8e5c0def0545852168be25",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "414705c0303350d139b1dc18f329fe47dfb642dd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3df7546fc03b8f004eee0b9e3256369f7d096685",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/tomoyo/common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.78",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\n\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\nfor one can write a very very long line without new line character. To fix\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\nfor practically a valid line should be always shorter than 32KB where the\n\"too small to fail\" memory-allocation rule applies.\n\nOne might try to write a valid line that is longer than 32KB, but such\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:09:44.077Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6b37b3e12de638753bce79a2858070b9c4a4ad3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe1c021eb03dae0dc9dce55e81f77a60e419a27a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c9382f380e8d09209b8e5c0def0545852168be25"
        },
        {
          "url": "https://git.kernel.org/stable/c/414705c0303350d139b1dc18f329fe47dfb642dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/3df7546fc03b8f004eee0b9e3256369f7d096685"
        }
      ],
      "title": "tomoyo: don\u0027t emit warning in tomoyo_write_control()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-58085",
    "datePublished": "2025-03-06T16:22:32.761Z",
    "dateReserved": "2025-03-06T15:52:09.184Z",
    "dateUpdated": "2025-05-04T10:09:44.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-58085\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-06T17:15:21.993\",\"lastModified\":\"2025-03-13T13:15:46.373\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntomoyo: don\u0027t emit warning in tomoyo_write_control()\\n\\nsyzbot is reporting too large allocation warning at tomoyo_write_control(),\\nfor one can write a very very long line without new line character. To fix\\nthis warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,\\nfor practically a valid line should be always shorter than 32KB where the\\n\\\"too small to fail\\\" memory-allocation rule applies.\\n\\nOne might try to write a valid line that is longer than 32KB, but such\\nrequest will likely fail with -ENOMEM. Therefore, I feel that separately\\nreturning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.\\nThere is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tomoyo: no emitir advertencia en tomoyo_write_control() syzbot informa una advertencia de asignaci\u00f3n demasiado grande en tomoyo_write_control(), ya que se puede escribir una l\u00ednea muy larga sin un car\u00e1cter de nueva l\u00ednea. Para corregir esta advertencia, uso __GFP_NOWARN en lugar de verificar KMALLOC_MAX_SIZE, ya que pr\u00e1cticamente una l\u00ednea v\u00e1lida siempre debe ser m\u00e1s corta que 32 KB donde se aplica la regla de asignaci\u00f3n de memoria \\\"demasiado peque\u00f1a para fallar\\\". Uno podr\u00eda intentar escribir una l\u00ednea v\u00e1lida que sea m\u00e1s larga que 32 KB, pero tal solicitud probablemente fallar\u00e1 con -ENOMEM. Por lo tanto, creo que devolver por separado -EINVAL cuando una l\u00ednea es m\u00e1s larga que KMALLOC_MAX_SIZE es redundante. No hay necesidad de distinguir entre m\u00e1s de 32 KB y m\u00e1s de KMALLOC_MAX_SIZE.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3df7546fc03b8f004eee0b9e3256369f7d096685\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/414705c0303350d139b1dc18f329fe47dfb642dd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a01c200fa7eb59da4d2dbbb48b61f4a0d196c09f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b2bd5857a0d6973ebbcb4d9831ddcaebbd257be1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c67efabddc73171c7771d3ffe4ffa1e503ee533e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c9382f380e8d09209b8e5c0def0545852168be25\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f6b37b3e12de638753bce79a2858070b9c4a4ad3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fe1c021eb03dae0dc9dce55e81f77a60e419a27a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.