CVE-2024-58085: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58085 affects the Linux kernel's TOMOYO security module, specifically in the tomoyowritecontrol() function. The vulnerability was discovered and reported by syzbot and Leo Stone, with the issue being resolved on December 16, 2024. The vulnerability relates to a memory allocation warning that occurs when processing very long lines without newline characters in the TOMOYO security module (Red Hat CVE).

The vulnerability exists in the tomoyowritecontrol() function where memory allocation warnings could be triggered when processing input lines longer than 32KB. The issue has been assigned a CVSS v3 Base Score of 5.5, indicating moderate severity. The vulnerability is characterized by local attack vector and low attack complexity (Red Hat CVE).

The vulnerability could potentially lead to system resource exhaustion when processing very long input lines in the TOMOYO security module. While the impact is primarily limited to availability concerns, the local nature of the attack vector somewhat mitigates the overall risk (Red Hat CVE).

A fix has been implemented by modifying the memory allocation behavior in tomoyowritecontrol() to use _GFPNOWARN flag instead of checking for KMALLOCMAXSIZE. The patch ensures that memory allocations for lines longer than 32KB will fail with -ENOMEM rather than triggering warnings (Kernel Git).