{"id":"CVE-2024-41065","summary":"powerpc/pseries: Whitelist dtl slub object for copying to userspace","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Whitelist dtl slub object for copying to userspace\n\nReading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-*\nresults in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as\nshown below.\n\n    kernel BUG at mm/usercopy.c:102!\n    Oops: Exception in kernel mode, sig: 5 [#1]\n    LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n    Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc\n    scsi_transport_fc ibmveth pseries_wdt dm_multipath dm_mirror dm_region_hash dm_log dm_mod fuse\n    CPU: 27 PID: 1815 Comm: python3 Not tainted 6.10.0-rc3 #85\n    Hardware name: IBM,9040-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_042) hv:phyp pSeries\n    NIP:  c0000000005d23d4 LR: c0000000005d23d0 CTR: 00000000006ee6f8\n    REGS: c000000120c078c0 TRAP: 0700   Not tainted  (6.10.0-rc3)\n    MSR:  8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e  CR: 2828220f  XER: 0000000e\n    CFAR: c0000000001fdc80 IRQMASK: 0\n    [ ... GPRs omitted ... ]\n    NIP [c0000000005d23d4] usercopy_abort+0x78/0xb0\n    LR [c0000000005d23d0] usercopy_abort+0x74/0xb0\n    Call Trace:\n     usercopy_abort+0x74/0xb0 (unreliable)\n     __check_heap_object+0xf8/0x120\n     check_heap_object+0x218/0x240\n     __check_object_size+0x84/0x1a4\n     dtl_file_read+0x17c/0x2c4\n     full_proxy_read+0x8c/0x110\n     vfs_read+0xdc/0x3a0\n     ksys_read+0x84/0x144\n     system_call_exception+0x124/0x330\n     system_call_vectored_common+0x15c/0x2ec\n    --- interrupt: 3000 at 0x7fff81f3ab34\n\nCommit 6d07d1cd300f (\"usercopy: Restrict non-usercopy caches to size 0\")\nrequires that only whitelisted areas in slab/slub objects can be copied to\nuserspace when usercopy hardening is enabled using CONFIG_HARDENED_USERCOPY.\nDtl contains hypervisor dispatch events which are expected to be read by\nprivileged users. Hence mark this safe for user access.\nSpecify useroffset=0 and usersize=DISPATCH_LOG_BYTES to whitelist the\nentire object.","modified":"2026-04-16T04:31:09.060693458Z","published":"2024-07-29T14:57:27.011Z","related":["ALSA-2024:7000","SUSE-SU-2024:3190-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3483-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41065.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0f5892212c27be31792ef1daa89c8dac1b3047e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1a14150e1656f7a332a943154fc486504db4d586"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b16098148ea58a67430d90e20476be2377c3acd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e512a59b472684d8585125101ab03b86c2c1348a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e59822f9d700349cd17968d22c979db23a2d347f"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41065.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41065"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"af442a1baa6d00117cc7e7377ce7e6a545268684"},{"fixed":"a7b952941ce07e1e7a2cafd08c64a98e14f553e6"},{"fixed":"6b16098148ea58a67430d90e20476be2377c3acd"},{"fixed":"e59822f9d700349cd17968d22c979db23a2d347f"},{"fixed":"1ee68686d1e2a5da35d5650be0be1ce06fe2ceb2"},{"fixed":"e512a59b472684d8585125101ab03b86c2c1348a"},{"fixed":"0f5892212c27be31792ef1daa89c8dac1b3047e4"},{"fixed":"1a14150e1656f7a332a943154fc486504db4d586"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41065.json"}}],"schema_version":"1.7.5"}