CVE-2024-53233: unicode: Fix utf8_load() error path

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __symbol_put+0x93/0xb0 ? exc_invalid_op+0x51/0x70 ? __symbol_put+0x93/0xb0 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_cmp_name+0x10/0x10 ? __symbol_put+0x93/0xb0 ? __symbol_put+0x62/0xb0 utf8_load+0xf8/0x150 That happens because symbol_put() expects the unique string that identify the symbol, instead of a pointer to the loaded symbol. Fix that by using such string.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/title
• agent/type
• agent/first-publish-date
• collector/nvd-api
• source/NVD
• agent/author
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• collector/usn-cve
• source/Ubuntu
• collector/nvd-cve
• agent/event
• agent/references
• agent/source
• agent/softwarecombine
• agent/tags
• agent/description
• collector/security-tracker-debian
• source/Debian
• vendor/linux
• canonical/linux kernel
• package-manager/debian