PT-2025-3655 · Linux+2 · Linux Kernel+2

Genes Lists · Published 2024-12-30 · Updated 2025-10-15 · CVE-2024-57930

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue concerns a common bug in the Linux kernel where a TRACE_EVENT() TP_fast_assign() assigns the address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later, after the string has been freed. To catch this bug, the function test_event_printk() runs on all events as they are registered to ensure there is no unwanted dereferencing. It calls process_string() to handle the cases in the TP_printk() format that contain "%s". The function returns whether or not the string is safe, but it can produce false positives. For instance, in the xe_bo_move() function, the "%s" references into xe_mem_type_to_name[], an array of pointers that should be safe for the event to access.

Recommendations

To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the vulnerable process_string() function until a patch is available. Avoid using the TP_printk() function with "%s" format in the affected events until the issue is resolved.
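
The false positive in the description can be reproduced with a small user-space model of the "%s" argument check. This is an added example, not kernel source and not code from this advisory: `classify_arg()`, the verdict names and the sample arguments (including the field name `old_placement`) are constructed here, the arguments are assumed to be in the `REC->` form used by an event's print format, and the real function's pointer-dereference and field-lookup steps are left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model (assumption, not kernel source) of deciding
 * whether one "%s" argument of a TP_printk() format is safe to print. */
enum verdict { ARG_OK_HELPER, ARG_OK_ARRAY, ARG_OK_LITERAL, ARG_SUSPECT };

/* with_array_rule = 0 models the check without the array case. */
static enum verdict classify_arg(const char *arg, int with_array_rule)
{
    const char *p, *s = arg;

    /* Identifier right before '(' means a helper such as __get_str(). */
    while ((p = strchr(s, '(')) != NULL) {
        const char *q = p;
        while (q > arg && isspace((unsigned char)q[-1]))
            q--;
        if (q > arg && (isalnum((unsigned char)q[-1]) || q[-1] == '_'))
            return ARG_OK_HELPER;
        s = p + 1;          /* plain parenthesis, try the next one */
    }
    /* name[REC->field]: most likely a static table of strings. */
    if (with_array_rule && (p = strchr(arg, '[')) != NULL && strstr(p, "REC->"))
        return ARG_OK_ARRAY;
    /* A literal in the expression, e.g. REC->x ? "a" : "b". */
    if (strchr(arg, '"'))
        return ARG_OK_LITERAL;
    /* Bare pointer saved in the ring buffer: may dangle at print time. */
    return ARG_SUSPECT;
}

int main(void)
{
    /* Constructed sample arguments in the REC-> form. */
    const char *args[] = {
        "__get_str(name)",
        "xe_mem_type_to_name[REC->old_placement]",
        "REC->flag ? \"on\" : \"off\"",
        "REC->name",
    };
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("%-42s without=%d with=%d\n", args[i],
               classify_arg(args[i], 0), classify_arg(args[i], 1));
    return 0;
}
```

Only the array-indexed argument changes verdict between the two modes; the bare `REC->name` pointer stays suspect in both, which is the bug class the check exists to catch.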

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-01866
CVE-2024-57930
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1204
OESA-2025-1205

Affected Products

Astra Linux
Linux Kernel
Red Os