Bug 1212845 (CVE-2023-3439)

Summary: VUL-0: CVE-2023-3439: kernel-source,kernel-source-rt,kernel-source-azure: mctp: use-after-free read in mctp_local_output()
Product: [Novell Products] SUSE Security Incidents
Reporter: Cathy Hu <cathy.hu>
Component: Incidents
Assignee: Kernel Bugs <kernel-bugs>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/370708/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Cathy Hu 2023-06-29 08:33:18 UTC
CVE-2023-3439

A flaw was found in the MCTP protocol in the Linux kernel. The function
mctp_unregister() reclaims the device's relevant resource when a netcard
detaches. However, a running routine may be unaware of this and cause the
use-after-free of the mdev->addrs object, potentially leading to a denial of
service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3439
https://bugzilla.redhat.com/show_bug.cgi?id=2217915
https://www.cve.org/CVERecord?id=CVE-2023-3439
https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269

Comment 1 Cathy Hu 2023-06-29 08:34:54 UTC
Fixing commit: https://github.com/torvalds/linux/commit/b561275d633bcd8e0e8055ab86f1a13df75a0269

Commit introducing the issue: https://github.com/torvalds/linux/commit/583be982d93479ea3d85091b0fd0b01201ede87d

Not affected (does not include introducing commit):
- SLE12-SP5
- SLE15-SP4-AZURE
- SLE15-SP4-RT
- SLE15-SP4
- SLE15-SP5
- SLE15-SP5-AZURE
- SLE15-SP5-RT
- cve/linux-3.0
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3

Not Affected (contains fix and introducing commit):
- ALP-current
- stable

closing
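
Comment 1 sorts each branch by whether its history contains the introducing commit and the fixing commit. The script below is an added example, not part of the bug report or of SUSE's tooling, that makes the same decision with `git merge-base --is-ancestor`. The function names and the demo repository are constructed, and it assumes a tree whose history carries the upstream commit ids: a fix backported as a patch or cherry-pick has a different id and is not detected by ancestry.

```shell
#!/bin/sh
# Triage a kernel ref for CVE-2023-3439 by commit ancestry (added example).
INTRO=583be982d93479ea3d85091b0fd0b01201ede87d  # introducing commit, from the bug
FIX=b561275d633bcd8e0e8055ab86f1a13df75a0269    # fixing commit, from the bug

# is_ancestor REPO COMMIT REF -> prints yes, no or error.
# merge-base --is-ancestor exits 0 (ancestor), 1 (not), other (bad object/ref).
is_ancestor() {
    rc=0
    git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null || rc=$?
    case $rc in 0) echo yes ;; 1) echo no ;; *) echo error ;; esac
}

# classify_ref REPO REF [INTRO] [FIX] -> prints one verdict line.
classify_ref() {
    has_intro=$(is_ancestor "$1" "${3:-$INTRO}" "$2")
    has_fix=$(is_ancestor "$1" "${4:-$FIX}" "$2")
    case "$has_intro/$has_fix" in
        no/*)    echo "not affected (does not include introducing commit)" ;;
        yes/yes) echo "not affected (contains fix and introducing commit)" ;;
        yes/no)  echo "affected (introducing commit without fix)" ;;
        *)       echo "unknown (commit or ref not found in this repository)" ;;
    esac
}

# make_demo_repo DIR: constructed three-commit history (base, intro, fix).
# Prints the three commit ids on one line. This is not real kernel history.
make_demo_repo() {
    git init -q "$1" >/dev/null 2>&1
    for msg in base intro fix; do
        git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false commit -q --allow-empty -m "$msg"
        git -C "$1" rev-parse HEAD
    done | tr '\n' ' '
}

# Usage: sh triage.sh /path/to/linux.git <branch-or-tag>
[ "$#" -lt 2 ] || classify_ref "$@"
```

An "unknown" verdict means the repository does not hold one of the commit objects or the ref, for example in a shallow clone, so it is reported separately instead of being counted as not affected.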