CVE-2024-41065

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.10.0-rc3

Description The vulnerability is related to the powerpc/pseries architecture in the Linux kernel. When the config CONFIG HARDENED USERCOPY is enabled, reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() due to the lack of whitelisting of the dtl slub object for copying to userspace. This issue can cause a kernel BUG and potentially lead to a denial of service. The dtl file read function is involved in this process, and the usercopy abort function is called when the issue occurs.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability, such as version 6.6.43 or later. Ensure that the CONFIG HARDENED USERCOPY config is properly set to avoid similar issues in the future. As a temporary workaround, consider disabling the CONFIG HARDENED USERCOPY config until a patch is available.