|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2023-33250: kernel-source-azure,kernel-source-rt,kernel-source: use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Leroy <thomas.leroy> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | meissner, mhocko, mkoutny, rfrohl, security-team, thomas.leroy |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/367082/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-33250:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Thomas Leroy
2023-05-22 12:51:26 UTC
Reassigning to a concrete person to ensure progress [1] (feel free to pass to next one), see also the process at [2]. Looks like an syzbot report with no identified fix so far. Might be interesting to watch for Jöerg. [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel [2] https://wiki.suse.net/index.php/SUSE-Labs/Kernel/Security 51fe6141f0f6 (iommufd: Data structure to provide IOVA to PFN mapping) probably introduced the bug. This commit is very recent and would only make stable branch affected. Joerg, are you aware of any fix for this report? Also is it really worth tracking as security relevant? Upstream fixes are: dbe245cdf518 iommufd: Call iopt_area_contig_done() under the lock 804ca14d04df iommufd: Do not access the area pointer after unlocking Both are already in the stable branch via Linux 6.4.4 and in master branch via upstream. SLE branches are not affected as commit 51fe6141f0f6 is not included in any of them. Assigning back. nothing to do |