Bug 1208844 (CVE-2023-23005) - VUL-0: CVE-2023-23005: kernel-source-azure,kernel-source-rt,kernel-source: mm/memory-tiers.c misinterprets the alloc_memory_type return value
Status: RESOLVED INVALID
Alias: CVE-2023-23005
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/358967/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-23005:0.0:(AV:...
Reported: 2023-03-02 11:11 UTC by Cathy Hu
Modified: 2023-03-13 08:30 UTC
Found By: Security Response Team


Description Cathy Hu 2023-03-02 11:11:11 UTC
CVE-2023-23005

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the
alloc_memory_type return value (expects it to be NULL in the error case, whereas
it is actually an error pointer).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23005
https://www.cve.org/CVERecord?id=CVE-2023-23005
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee
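
The mismatch described above, modelled in userspace C as an added example (not kernel code and not taken from this bug report): an allocator that reports failure with an error pointer, called once with a NULL test and once with an error-pointer test. The helper re-implementations, the one-field struct, the `simulate_oom` knob, `SAMPLE_ADISTANCE` and both `init_with_*` callers are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Simplified model of the allocated type; the single field is an assumption. */
struct memory_dev_type { int adistance; };
#define SAMPLE_ADISTANCE 1 /* constructed value */

/* Model of alloc_memory_type(): failure is ERR_PTR(-ENOMEM), never NULL.
 * simulate_oom is a hypothetical knob that forces the failure path. */
static struct memory_dev_type *alloc_memory_type(int adistance, int simulate_oom)
{
    struct memory_dev_type *t = simulate_oom ? NULL : malloc(sizeof(*t));

    if (!t)
        return ERR_PTR(-ENOMEM);
    t->adistance = adistance;
    return t;
}

/* Pre-fix pattern: the caller tests for NULL, which an error pointer is not.
 * Returns 0 when the caller believes the allocation succeeded. */
static int init_with_null_check(int simulate_oom)
{
    struct memory_dev_type *t = alloc_memory_type(SAMPLE_ADISTANCE, simulate_oom);

    if (!t)
        return -ENOMEM; /* unreachable: the allocator never returns NULL */
    if (!IS_ERR(t))     /* demo-only guard so the model never frees an error pointer */
        free(t);
    return 0;
}

/* Corrected pattern: IS_ERR() recognises the error pointer, PTR_ERR() recovers the errno. */
static int init_with_is_err_check(int simulate_oom)
{
    struct memory_dev_type *t = alloc_memory_type(SAMPLE_ADISTANCE, simulate_oom);

    if (IS_ERR(t))
        return (int)PTR_ERR(t);
    free(t);
    return 0;
}
```

With the failure path forced, `init_with_null_check(1)` still returns 0, while `init_with_is_err_check(1)` returns `-ENOMEM`.
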
Comment 1 Cathy Hu 2023-03-02 11:11:26 UTC
Fixing commit: https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee

Commit introducing the issue: https://github.com/torvalds/linux/commit/7b88bda3761b95856cf97822efe8281c8100067b

Affected:
- SLE15-SP5
- SLE15-SP5-AZURE
- SLE15-SP5-RT
- SLE15-SP5-GA

Not affected:
- SLE12-SP5
- SLE15-SP4-AZURE
- SLE15-SP4-RT
- SLE15-SP4
- cve/linux-3.0
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3
- stable
Comment 2 Michal Hocko 2023-03-02 12:50:56 UTC
alloc_memory_type will return an error type only if the allocation fails. That is a struct memory_dev_type allocation failure. That is a sub PAGE_SIZE allocation and those do not really fail. This is a real high bar to meet and it is not really easy to be triggerable by the userspace. In this case all callers are from an early init code (memory_tier_init resp. dax_kmem_init) and we can safely rule out those failures.

All that being said I do not think there are any security consequences here. The patch is mostly cosmetic.

Can we dispute this CVE? You can use the above reasoning to justify it. Let me know if there are any questions.
Comment 3 Cathy Hu 2023-03-02 14:24:43 UTC
will do, thanks!
Comment 5 Cathy Hu 2023-03-13 08:30:20 UTC
closing, invalid