CVE-2024-41065: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

powerpc/pseries: Whitelist dtl slub object for copying to userspace

Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as shown below.

    kernel BUG at mm/usercopy.c:102!
    Oops: Exception in kernel mode, sig: 5 [#1]
    LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
    Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse
    CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85
    Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries
    NIP: c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8
    REGS: c000000120c078c0 TRAP: 0700 Not tainted (6.10.0-rc3)
    MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 2828220f XER: 0000000e
    CFAR: c0000000001fdc80 IRQMASK: 0
    [ ... GPRs omitted ... ]
    NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0
    LR [c0000000005d23d0] usercopy_abort+0x74/0xb0
    Call Trace:
     usercopy_abort+0x74/0xb0 (unreliable)
     __check_heap_object+0xf8/0x120
     check_heap_object+0x218/0x240
     __check_object_size+0x84/0x1a4
     dtl_file_read+0x17c/0x2c4
     full_proxy_read+0x8c/0x110
     vfs_read+0xdc/0x3a0
     ksys_read+0x84/0x144
     system_call_exception+0x124/0x330
     system_call_vectored_common+0x15c/0x2ec
    --- interrupt: 3000 at 0x7fff81f3ab34

Commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0") requires that only whitelisted areas in slab/slub objects can be copied to userspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY. Dtl contains hypervisor dispatch events which are expected to be read by privileged users. Hence mark this safe for user access. Specify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the entire object.
AI Analysis
Technical Summary
CVE-2024-41065 is a vulnerability in the Linux kernel that specifically affects the PowerPC pSeries platform. The issue arises when reading the dispatch trace log located at /sys/kernel/debug/powerpc/dtl/cpu-* with the kernel configuration option CONFIG_HARDENED_USERCOPY enabled. This option hardens the kernel against usercopy bugs by restricting which memory areas can be copied to userspace. The dispatch trace log (dtl) slab/slub object was not whitelisted, so reading it caused a kernel BUG() and a kernel oops (crash). The trace shows the failure in the usercopy_abort function, reached from dtl_file_read through the kernel's usercopy hardening checks, which abort copies from non-whitelisted slab objects. The dispatch trace log contains hypervisor dispatch events intended for privileged users, so the fix marks this memory region as safe for user access by whitelisting the entire object with useroffset=0 and usersize=DISPATCH_LOG_BYTES. This prevents the kernel from crashing when privileged users read the dtl logs. The vulnerability affects Linux kernels on the PowerPC pSeries platform with CONFIG_HARDENED_USERCOPY enabled and kernel versions around 6.10.0-rc3. While no known exploits are reported in the wild, the issue can cause denial of service via kernel crash when privileged users attempt to read these logs. The patch explicitly whitelists the dtl slab object for usercopy operations, which is required because commit 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0") restricts non-usercopy caches to size 0; this keeps reads of the debug trace logs stable while the hardening stays enabled.
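The whitelist check behind this crash, as an added user-space model in C (not kernel code and not part of the original advisory). `struct cache_model`, `usercopy_allowed` and the sample read sizes are hypothetical, and DISPATCH_LOG_BYTES is assumed to be 4096.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed value for this model; the advisory only names the constant. */
#define DISPATCH_LOG_BYTES 4096u

/* Hypothetical stand-in for the slab cache fields that matter here. */
struct cache_model {
    const char *name;
    unsigned int object_size; /* size of each object in the cache */
    unsigned int useroffset;  /* start of the region that may be copied */
    unsigned int usersize;    /* length of that region; 0 = nothing allowed */
};

/*
 * True when copying n bytes starting at `offset` inside one object stays
 * entirely within the whitelisted window. Where this returns false, a
 * kernel built with CONFIG_HARDENED_USERCOPY calls usercopy_abort(),
 * which is the BUG() seen in the trace.
 */
static bool usercopy_allowed(const struct cache_model *c,
                             unsigned int offset, unsigned int n)
{
    if (offset > c->object_size || n > c->object_size - offset)
        return false; /* copy would run past the object itself */
    if (offset < c->useroffset)
        return false; /* starts before the whitelisted window */
    if (offset - c->useroffset > c->usersize)
        return false; /* starts after the whitelisted window */
    return n <= c->usersize - (offset - c->useroffset);
}

/* Cache as it behaves before the fix: no usercopy window at all. */
static const struct cache_model dtl_before = { "dtl", DISPATCH_LOG_BYTES, 0, 0 };
/* Cache after the fix: useroffset=0, usersize=DISPATCH_LOG_BYTES. */
static const struct cache_model dtl_after = { "dtl", DISPATCH_LOG_BYTES, 0, DISPATCH_LOG_BYTES };

int main(void)
{
    /* Constructed sample reads: {offset, length} within one dtl object. */
    unsigned int reads[][2] = { {0, 48}, {4048, 48}, {0, 4096}, {4080, 48} };
    for (size_t i = 0; i < sizeof reads / sizeof reads[0]; i++)
        printf("offset=%4u n=%4u before=%s after=%s\n", reads[i][0], reads[i][1],
               usercopy_allowed(&dtl_before, reads[i][0], reads[i][1]) ? "ok" : "abort",
               usercopy_allowed(&dtl_after, reads[i][0], reads[i][1]) ? "ok" : "abort");
    return 0;
}
```

Whitelisting the whole object removes the abort for legitimate reads, while a copy that would run past the end of the object is still rejected.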
Potential Impact
For European organizations running Linux on PowerPC pSeries hardware, particularly those using IBM POWER10 systems or similar, this vulnerability can lead to kernel crashes and denial of service when privileged users attempt to read dispatch trace logs. This can disrupt critical services relying on these systems, especially in sectors like finance, telecommunications, research, and government where IBM POWER systems are more prevalent. The impact is primarily on availability due to kernel panics, but could also affect system integrity if crashes occur during sensitive operations. Since the vulnerability requires privileged user access and specific kernel configuration, the attack surface is limited to internal users or administrators. However, the inability to safely access debug logs can hinder troubleshooting and incident response efforts. Organizations relying on hardened usercopy configurations for security may face operational challenges until patches are applied. The absence of known exploits reduces immediate risk, but the potential for denial of service in production environments makes timely remediation important.
Mitigation Recommendations
1. Apply the official Linux kernel patch that whitelists the dtl slab object for usercopy operations (the whitelisting required by commit 6d07d1cd300f, "usercopy: Restrict non-usercopy caches to size 0"), to ensure the dispatch trace log can be safely read without kernel crashes.
2. Verify that systems running PowerPC pSeries hardware with CONFIG_HARDENED_USERCOPY enabled are updated to a kernel version including this fix, ideally Linux kernel 6.10.0 or later stable releases incorporating the patch.
3. Restrict access to /sys/kernel/debug/powerpc/dtl/cpu-* files to trusted privileged users only, minimizing the risk of accidental or malicious triggering of the bug.
4. Monitor kernel logs for oops or BUG messages related to usercopy_abort or dtl_file_read to detect any attempts to exploit or encounter this issue.
5. For organizations using custom or long-term support kernels, backport the fix or consult vendor support to obtain patched kernel versions.
6. Document and train system administrators on the implications of CONFIG_HARDENED_USERCOPY and the importance of applying this patch to avoid service disruptions.
7. Consider disabling CONFIG_HARDENED_USERCOPY temporarily only if patching is not immediately possible, but be aware this reduces kernel memory copy hardening protections and may increase other risks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.628Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe17e3
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 4:10:45 AM
Last updated: 7/24/2025, 2:09:18 PM