Bug 1222231 (CVE-2023-52629)

Summary: VUL-0: CVE-2023-52629: kernel: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: camila.matos, gianluca.gabrielli, mkoutny
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/399612/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52629:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-04-02 09:57:52 UTC
In the Linux kernel, the following vulnerability has been resolved:

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

The original code puts flush_work() before timer_shutdown_sync()
in switch_drv_remove(). Although we use flush_work() to stop
the worker, it could be rescheduled in switch_timer(). As a result,
a use-after-free bug can occur. The details are shown below:

      (cpu 0)                    |      (cpu 1)
switch_drv_remove()              |
 flush_work()                    |
  ...                            |  switch_timer // timer
                                 |   schedule_work(&psw->work)
 timer_shutdown_sync()           |
 ...                             |  switch_work_handler // worker
 kfree(psw) // free              |
                                 |   psw->state = 0 // use

This patch puts timer_shutdown_sync() before flush_work() to
mitigate the bugs. As a result, the worker and timer will be
stopped safely before the deallocate operations.
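The interleaving in the diagram above can be replayed deterministically in user space. The following is an added model written for this page, not kernel code: the timer, the workqueue and kfree() are replaced by one-slot flags, and the handler records when it would have written to an already freed psw instead of actually dereferencing freed memory. remove_race(0) runs switch_drv_remove() in the original order (flush_work() first) with the timer firing on the other CPU in between; remove_race(1) runs the patched order (timer_shutdown_sync() first). Every function and field name other than those taken from the commit message is a modelling assumption.

```c
/* Deterministic model of the switch_drv_remove() cleanup race (not kernel code). */
#include <stdio.h>
#include <string.h>

struct push_switch {
    int state;
};

/* One-slot stand-ins for the kernel timer, the workqueue and the allocator. */
struct model {
    struct push_switch psw;  /* the object switch_drv_remove() frees */
    int psw_freed;           /* set by our model of kfree(psw) */
    int timer_armed;         /* cleared by timer_shutdown_sync() */
    int work_pending;        /* set by schedule_work(), cleared when the handler runs */
    int uaf_detected;        /* handler ran after kfree(): the "psw->state = 0 // use" */
};

/* switch_work_handler: the worker that writes psw->state. */
static void switch_work_handler(struct model *m)
{
    if (m->psw_freed) {
        m->uaf_detected = 1; /* real code would write to freed memory here */
        return;
    }
    m->psw.state = 0;
}

/* schedule_work(&psw->work): queue the handler for a worker on another CPU. */
static void schedule_work(struct model *m) { m->work_pending = 1; }

/* flush_work(): run whatever is queued right now and wait for it. It does not
 * stop anything from queueing more work afterwards. */
static void flush_work(struct model *m)
{
    if (m->work_pending) {
        m->work_pending = 0;
        switch_work_handler(m);
    }
}

/* switch_timer: the timer callback; all it does is queue the work item. */
static void switch_timer(struct model *m)
{
    if (m->timer_armed)
        schedule_work(m);
}

/* timer_shutdown_sync(): deactivate the timer so it can neither fire nor be rearmed. */
static void timer_shutdown_sync(struct model *m) { m->timer_armed = 0; }

static void kfree_psw(struct model *m) { m->psw_freed = 1; }

/* The worker pool eventually runs anything still queued, even after remove() returned. */
static void run_pending_work(struct model *m)
{
    if (m->work_pending) {
        m->work_pending = 0;
        switch_work_handler(m);
    }
}

/*
 * Replay switch_drv_remove() with the timer firing on "cpu 1" between the two
 * cleanup calls, exactly as in the commit message's diagram.
 * Returns 1 if the deferred handler touched freed memory, 0 otherwise.
 */
int remove_race(int shutdown_timer_first)
{
    struct model m;
    memset(&m, 0, sizeof m);
    m.psw.state = 1;
    m.timer_armed = 1;
    m.work_pending = 1;              /* the timer already queued one work item */

    if (shutdown_timer_first) {
        timer_shutdown_sync(&m);     /* patched order: timer can no longer requeue */
        switch_timer(&m);            /* cpu 1: timer is shut down, so this is a no-op */
        flush_work(&m);              /* drains the work item queued earlier */
    } else {
        flush_work(&m);              /* original order: current work item drained... */
        switch_timer(&m);            /* cpu 1: ...but the live timer requeues it */
        timer_shutdown_sync(&m);
    }
    kfree_psw(&m);
    run_pending_work(&m);            /* cpu 1: worker runs whatever is still queued */
    return m.uaf_detected;
}

int main(void)
{
    printf("flush_work() first:          use-after-free = %d\n", remove_race(0));
    printf("timer_shutdown_sync() first: use-after-free = %d\n", remove_race(1));
    return 0;
}
```

The model shows why the reorder is sufficient rather than just cosmetic: flush_work() only drains what is queued at the moment it is called, so anything that can still call schedule_work() must be stopped before it, and timer_shutdown_sync() is the only call in this path that guarantees the timer is both inactive and not rearmed.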

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52629
https://www.cve.org/CVERecord?id=CVE-2023-52629
https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65
https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de
https://bugzilla.redhat.com/show_bug.cgi?id=2272204
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52629.mbox
Comment 2 Michal Koutný 2024-04-26 17:01:10 UTC
scripts/check-kernel-fix CVE-2023-52629
246f80a0b17f8 ("sh: push-switch: Reorder cleanup operations to avoid use-after-free bug") merged v6.6-rc1~9^2
Fixes: 9f5e8eee5cfe1 ("sh: generic push-switch framework.") merged v2.6.20-rc1~34^2~20^2~32^2~25
Security fix for CVE-2023-52629 bsc#1222231 with CVSS 5.5
..............................
ACTION NEEDED!
SLE15-SP6: MANUAL: backport 246f80a0b17f8f582b2c0996db02998239057c65 (Fixes 9f5e8eee5cfe)
SLE15-SP5: MANUAL: backport 246f80a0b17f8f582b2c0996db02998239057c65 (Fixes 9f5e8eee5cfe)
SLE12-SP5: MANUAL: backport 246f80a0b17f8f582b2c0996db02998239057c65 (Fixes 9f5e8eee5cfe)
SLE12-SP3-TD: MANUAL: backport 246f80a0b17f8f582b2c0996db02998239057c65 (Fixes 9f5e8eee5cfe)

The patch changes sources of SuperH architecture code which we don't support yet distribute in our RPMs. So our products are UNaffected.

I'm going to blacklist the patch to silence git-fixes. We'll have the fix from upstream if we add support for the arch in the future.
Comment 3 Michal Koutný 2024-04-26 17:02:18 UTC
(In reply to Michal Koutný from comment #2)
> The patch changes sources of SuperH architecture code which we don't support
> yet distribute in our RPMs. So our products are UNaffected.

nor distribute