
CVE-2024-50194: arm64: probes: Fix uprobes for big-endian kernels

5.5 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: probes: Fix uprobes for big-endian kernels

The arm64 uprobes code is broken for big-endian kernels as it doesn't
convert the in-memory instruction encoding (which is always
little-endian) into the kernel's native endianness before analyzing and
simulating instructions. This may result in a few distinct problems:

* The kernel may erroneously reject probing an instruction which can
safely be probed.

* The kernel may erroneously permit stepping an
instruction out-of-line when that instruction cannot be stepped
out-of-line safely.

* The kernel may erroneously simulate an instruction incorrectly due to
interpreting the byte-swapped encoding.

The endianness mismatch isn't caught by the compiler or sparse because:

* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so
the compiler and sparse have no idea these contain a little-endian
32-bit value. The core uprobes code populates these with a memcpy()
which similarly does not handle endianness.

* While the uprobe_opcode_t type is an alias for __le32, both
arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]
to the similarly-named probe_opcode_t, which is an alias for u32.
Hence there is no endianness conversion warning.

Fix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and
adding the appropriate __le32_to_cpu() conversions prior to consuming
the instruction encoding...
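The following C program is an added illustration of the mismatch the commit describes; it is not the kernel's code. It models the two decode paths side by side: the buggy one (memcpy() of the four instruction bytes into a host-order u32, reproduced here for a big-endian host by an explicit host_big_endian flag so it runs on any build machine) and the fixed one (assemble the word from byte 0 upward, which is what __le32_to_cpu() on a __le32 field does). The classify() function is a simplified stand-in for the kernel's probe decode tables, built from the AArch64 encoding-group bit masks; the enum names, the function names and the two sample encodings (ret, and add x20, x6, #0) are constructed for this example. It shows the first two failure modes from the commit message: a big-endian kernel reading the raw bytes would step a `ret` out of line instead of simulating it, and would reject a plain `add` because its byte-swapped encoding falls in the exception-generating group.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model (not the kernel's decode tables) of what a uprobe
 * handler decides once it holds a 32-bit AArch64 instruction word. */
enum probe_decision {
    PROBE_STEP_OOL, /* safe to single-step out of line in the XOL slot */
    PROBE_SIMULATE, /* PC-relative or control flow: must be emulated */
    PROBE_REJECT,   /* cannot be probed (exception-generating group) */
};

/* Buggy path: the u8[] buffer is read as a u32 in the host kernel's own
 * byte order. host_big_endian lets the big-endian case run anywhere. */
static uint32_t insn_native_u32(const uint8_t b[4], bool host_big_endian)
{
    if (host_big_endian)
        return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
               ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) |
           ((uint32_t)b[1] << 8)  |  (uint32_t)b[0];
}

/* Fixed path: AArch64 instruction words are always little-endian in
 * memory, so assemble from byte 0 upward regardless of host endianness.
 * This is the portable equivalent of __le32_to_cpu() on a __le32 field. */
static uint32_t insn_le32_to_cpu(const uint8_t b[4])
{
    return ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) |
           ((uint32_t)b[1] << 8)  |  (uint32_t)b[0];
}

static bool match(uint32_t insn, uint32_t mask, uint32_t val)
{
    return (insn & mask) == val;
}

/* Simplified classifier using AArch64 encoding-group masks. */
static enum probe_decision classify(uint32_t insn)
{
    /* Exception generation (SVC/HVC/SMC/BRK/HLT): bits 31:24 == 11010100 */
    if (match(insn, 0xFF000000, 0xD4000000))
        return PROBE_REJECT;
    /* Instructions whose result depends on PC: simulate, never step */
    if (match(insn, 0xFC000000, 0x14000000) || /* B            */
        match(insn, 0xFC000000, 0x94000000) || /* BL           */
        match(insn, 0xFF000010, 0x54000000) || /* B.cond       */
        match(insn, 0x7E000000, 0x34000000) || /* CBZ/CBNZ     */
        match(insn, 0x7E000000, 0x36000000) || /* TBZ/TBNZ     */
        match(insn, 0x9F000000, 0x10000000) || /* ADR          */
        match(insn, 0x9F000000, 0x90000000) || /* ADRP         */
        match(insn, 0x3B000000, 0x18000000) || /* LDR (literal)*/
        match(insn, 0xFFFFFC1F, 0xD61F0000) || /* BR           */
        match(insn, 0xFFFFFC1F, 0xD63F0000) || /* BLR          */
        match(insn, 0xFFFFFC1F, 0xD65F0000))   /* RET          */
        return PROBE_SIMULATE;
    return PROBE_STEP_OOL;
}

/* Probe decision for four in-memory bytes on the buggy or the fixed path. */
static enum probe_decision decide(const uint8_t b[4], bool host_big_endian,
                                  bool fixed)
{
    uint32_t insn = fixed ? insn_le32_to_cpu(b)
                          : insn_native_u32(b, host_big_endian);
    return classify(insn);
}

/* Constructed sample encodings, in the little-endian order found in memory. */
static const uint8_t RET_BYTES[4] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret (0xD65F03C0) */
static const uint8_t ADD_BYTES[4] = { 0xD4, 0x00, 0x00, 0x91 }; /* add x20, x6, #0 (0x910000D4) */

static const char *name(enum probe_decision d)
{
    return d == PROBE_STEP_OOL ? "step out of line"
         : d == PROBE_SIMULATE ? "simulate" : "reject";
}

int main(void)
{
    const struct { const char *label; const uint8_t *bytes; } samples[] = {
        { "ret",             RET_BYTES },
        { "add x20, x6, #0", ADD_BYTES },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const uint8_t *b = samples[i].bytes;
        printf("%-16s LE kernel (buggy): %-16s  BE kernel (buggy): %-16s  any kernel (fixed): %s\n",
               samples[i].label,
               name(decide(b, false, false)),
               name(decide(b, true, false)),
               name(decide(b, true, true)));
    }
    return 0;
}
```

On a little-endian kernel the buggy and fixed paths agree, which is why the defect went unnoticed; only the big-endian column differs, and it differs in both directions (a `ret` that should be simulated is stepped, a safe `add` is refused).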

Classification

CVE ID: CVE-2024-50194

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.81% (fraction of all scored CVEs with an EPSS score at or below this one)

EPSS Date: 2025-06-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50194
https://git.kernel.org/stable/c/b6a638cb600e13f94b5464724eaa6ab7f3349ca2
https://git.kernel.org/stable/c/e6ab336213918575124d6db43dc5d3554526242e
https://git.kernel.org/stable/c/cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80
https://git.kernel.org/stable/c/cf60d19d40184e43d9a624e55a0da73be09e938d
https://git.kernel.org/stable/c/14841bb7a531b96e2dde37423a3b33e75147c60d
https://git.kernel.org/stable/c/8165bf83b8a64be801d59cd2532b0d1ffed74d00
https://git.kernel.org/stable/c/3d2530c65be04e93720e30f191a7cf1a3aa8b51c
https://git.kernel.org/stable/c/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7
