| Summary: |
VUL-0: CVE-2023-4732: kernel-source-rt,kernel-source,kernel-source-azure: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h |
| Product: |
[Novell Products] SUSE Security Incidents
|
Reporter: |
Cathy Hu <cathy.hu> |
| Component: |
Incidents | Assignee: |
Security Team bot <security-team> |
| Status: |
RESOLVED
FIXED
|
QA Contact: |
Security Team bot <security-team> |
| Severity: |
Normal
|
|
|
| Priority: |
P3 - Medium
|
CC: |
meissner, mhocko, security-team, vbabka
|
| Version: |
unspecified | |
|
| Target Milestone: |
--- | |
|
| Hardware: |
Other | |
|
| OS: |
Other | |
|
| URL: |
https://smash.suse.de/issue/377016/
|
| Whiteboard: |
|
|
Found By:
|
Security Response Team
|
Services Priority:
|
|
|---|
|
Business Priority:
|
|
Blocker:
|
---
|
|---|
|
Marketing QA Status:
|
---
|
IT Deployment:
|
---
|
|---|
CVE-2023-4732 A flaw was found in the Linux Kernel's memory management subsytem. In this flaw, A task is exiting and releasing 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x. 208 static inline struct page *pfn_swap_entry_to_page(swp_entry_t entry) 209 { <omit> 216 BUG_ON(is_migration_entry(entry) && !PageLocked(p)); <----- It finds the entry is of type SWP_MIGRATION_READ and the page is not locked, Another task is calling migrate_pages() on the same addresses and has just completed with the above pmd_t x and is moving to pmd_t x+1 in try_to_unmap_one(). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4732 https://bugzilla.redhat.com/show_bug.cgi?id=2236982