PT-2025-3642 · Linux+5 · Linux Kernel+5

Li Huafei · Published 2024-11-14 · Updated 2025-10-16 · CVE-2024-57917

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A vulnerability has been resolved in the Linux kernel's topology subsystem, in the code that prints cpumap. During fuzz testing, a warning was triggered because vsnprintf returned different values. The core cpumask was modified between the calculation of the formatted string length and the actual string formatting, so the two lengths were inconsistent. This occurs when CPU hotplugging is performed during printing. The kvasprintf() function reports the warning while printing the core siblings list. The function works in several steps: it calculates the length of the resulting formatted string, allocates a buffer, performs the actual string formatting, and checks that the two lengths are consistent.

Recommendations

To resolve this issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting CPU hotplugging during critical printing processes to minimize the risk of exploitation.
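The two-pass sequence from the description, modelled in user space as an added example (not kernel code and not the upstream patch). `shared_mask`, `format_mask` and `two_pass_print` are hypothetical names, the mask value is constructed, and the hot-unplug is simulated by clearing a bit between the passes; formatting a private copy is included only to show that a stable source keeps both lengths equal.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the core cpumask: bit i set means CPU i is present. */
static unsigned long shared_mask;

/* snprintf-style formatter for a CPU list such as "0,1,2,3": returns the
 * full length needed and writes at most size-1 characters plus a NUL. */
static int format_mask(char *buf, size_t size, const unsigned long *mask)
{
    int len = 0;
    for (int cpu = 0; cpu < 32; cpu++) {
        if (!(*mask & (1UL << cpu)))
            continue;
        size_t room = (size_t)len < size ? size - (size_t)len : 0;
        len += snprintf(room ? buf + len : NULL, room, "%s%d", len ? "," : "", cpu);
    }
    return len;
}

/* The steps the description lists: compute length, allocate, format, compare.
 * A simulated hot-unplug of CPU 3 lands between the two formatting passes.
 * Returns 1 if both passes agree, 0 on mismatch, -1 on allocation failure. */
static int two_pass_print(int use_snapshot)
{
    shared_mask = 0x0f;                                /* constructed: CPUs 0-3 */
    unsigned long copy = shared_mask;                  /* private snapshot */
    const unsigned long *mask = use_snapshot ? &copy : &shared_mask;

    int first = format_mask(NULL, 0, mask);            /* 1: length only */
    char *p = calloc(1, (size_t)first + 1);            /* 2: allocate */
    if (!p)
        return -1;
    shared_mask &= ~(1UL << 3);                        /* simulated hotplug */
    int second = format_mask(p, (size_t)first + 1, mask); /* 3: format */
    printf("snapshot=%d first=%d second=%d text=\"%s\"\n",
           use_snapshot, first, second, p);
    free(p);
    return first == second;                            /* 4: consistency check */
}

int main(void)
{
    two_pass_print(0);   /* live mask: lengths differ */
    two_pass_print(1);   /* private copy: lengths match */
    return 0;
}
```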

Exploit

Fix

Race Condition

RCE


Weakness Enumeration

Related Identifiers

BDU:2025-06457
CVE-2024-57917
DLA-4076-1
DSA-5860-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1093
OESA-2025-1097
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0564-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu