Description
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_sysfs_upd_schemes_stats(), and damon_sysfs_upd_schemes_effective_quotas() without checking contexts->nr. If nr_contexts is set to 0 via sysfs while DAMON is running, these functions dereference contexts_arr[0] and cause a NULL pointer dereference. Add the missing check. For example, the issue can be reproduced using DAMON sysfs interface and DAMON user-space tool (damo) [1] like below. $ sudo damo start --refresh_interval 1s $ echo 0 | sudo tee \ /sys/kernel/mm/damon/admin/kdamonds/0/contexts/nr_contexts
Product status
d809a7c64ba8229286b333c0cba03b1cdfb50238 (git) before 3527e9fdc38570cea0f6ddb7a2c9303d4044b217
d809a7c64ba8229286b333c0cba03b1cdfb50238 (git) before 652cd0641a763dd0e846b0d12814977fadb2b7d8
d809a7c64ba8229286b333c0cba03b1cdfb50238 (git) before 6557004a8b59c7701e695f02be03c7e20ed1cc15
6.17
Any version before 6.17
6.18.21 (semver)
6.19.11 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/3527e9fdc38570cea0f6ddb7a2c9303d4044b217
git.kernel.org/...c/652cd0641a763dd0e846b0d12814977fadb2b7d8
git.kernel.org/...c/6557004a8b59c7701e695f02be03c7e20ed1cc15