CVE-2024-39277

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

Description

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117) ubsan_epilogue (lib/ubsan.c:232) __ubsan_handle_out_of_bounds (lib/ubsan.c:429) cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline] do_map_benchmark (kernel/dma/map_benchmark.c:104) map_benchmark_ioctl (kernel/dma/map_benchmark.c:246) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Use cpumask_of_node() in place when binding a kernel thread to a cpuset of a particular node. Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a NUMA_NO_NODE case which is not handled properly later. Found by Linux Verification Center (linuxtesting.org).

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.13%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13 mailing list patch
https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464 mailing list patch
https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41 mailing list patch
https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f mailing list patch
https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f mailing list patch

Frequently Asked Questions

What is the severity of CVE-2024-39277?
CVE-2024-39277 has been scored as a high severity vulnerability.
How to fix CVE-2024-39277?
To fix CVE-2024-39277, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-39277 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-39277 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39277?
CVE-2024-39277 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.