Bug 1220318 (CVE-2023-52459)

Summary: VUL-0: CVE-2023-52459: kernel-source,kernel-source-azure,kernel-source-rt: v4l: async: Fix duplicated list deletion
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: thomas.leroy, vasant.karasulli
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/394972/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-02-26 08:50:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: v4l: async: Fix duplicated list deletion

The list deletion call dropped here is already called from the
helper function in the line before. Having a second list_del()
call results in either a warning (with CONFIG_DEBUG_LIST=y):

list_del corruption, c46c8198->next is LIST_POISON1 (00000100)

If CONFIG_DEBUG_LIST is disabled the operation results in a
kernel error due to NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52459
https://www.cve.org/CVERecord?id=CVE-2023-52459
https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2
https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e
https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91
https://bugzilla.redhat.com/show_bug.cgi?id=2265795
Comment 1 Thomas Leroy 2024-02-26 08:52:30 UTC 
Buggy commit is only on stable, which already has the fix, just a changelog update is left to do
Comment 4 Gabriele Sonnu 2024-06-10 12:24:10 UTC 
All done, closing.