🛡️ UBUNTU-CVE-2024-57930
⚪ Unknown ✅ No Known Exploit OSV
N/A
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases in TP_printk() format that has "%s". It returns whether or not the string is safe. But it can have some false positives. For instance, xe_bo_move() has: TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s", __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size, xe_mem_type_to_name[__entry->old_placement], xe_mem_type_to_name[__entry->new_placement], __get_str(device_id)) Where the "%s" references into xe_mem_type_to_name[]. This is an array of pointers that should be safe for the event to access. Instead of flagging this as a bad reference, if a reference points to an array, where the record field is the index, consider it safe.

Details

Severity Unknown
CVSS Score N/A
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE N/A
Public Exploit ✅ No
Source OSV
Published 2025-01-21
Updated 2026-06-02
Modified 2025-10-24
Fix URL N/A

Affected Packages

Software From version Fixed in
linux-allwinner-5.19
linux-aws-5.0
linux-aws-5.11
linux-aws-5.13
linux-aws-5.19
linux-aws-5.3
linux-aws-5.8
linux-aws-6.2
linux-aws-6.5
linux-azure
linux-azure-5.11
linux-azure-5.13
linux-azure-5.19
linux-azure-5.3
linux-azure-5.8
linux-azure-6.2
linux-azure-6.5
linux-azure-edge
linux-azure-fde
linux-azure-fde-5.19
linux-azure-fde-6.2
linux-gcp
linux-gcp-5.11
linux-gcp-5.13
linux-gcp-5.19
linux-gcp-5.3
linux-gcp-5.8
linux-gcp-6.2
linux-gcp-6.5
linux-gke
linux-gke-4.15
linux-gke-5.15
linux-gke-5.4
linux-gkeop
linux-gkeop-5.15
linux-gkeop-5.4
linux-hwe
linux-hwe-5.11
linux-hwe-5.13
linux-hwe-5.19
linux-hwe-5.8
linux-hwe-6.2
linux-hwe-6.5
linux-hwe-edge
linux-intel-5.13
linux-intel-iot-realtime
linux-lowlatency-hwe-5.19
linux-lowlatency-hwe-6.2
linux-lowlatency-hwe-6.5
linux-nvidia-6.2
linux-nvidia-6.5
linux-oem
linux-oem-5.10
linux-oem-5.13
linux-oem-5.14
linux-oem-5.17
linux-oem-5.6
linux-oem-6.0
linux-oem-6.1
linux-oem-6.5
linux-oracle-5.0
linux-oracle-5.11
linux-oracle-5.13
linux-oracle-5.3
linux-oracle-5.8
linux-oracle-6.5
linux-raspi-realtime
linux-raspi2
linux-realtime
linux-riscv
linux-riscv-5.11
linux-riscv-5.19
linux-riscv-5.8
linux-riscv-6.5
linux-starfive-5.19
linux-starfive-6.2
linux-starfive-6.5

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.