Bugzilla – Bug 1208844
VUL-0: CVE-2023-23005: kernel-source-azure,kernel-source-rt,kernel-source: mm/memory-tiers.c misinterprets the alloc_memory_type return value
Last modified: 2023-03-13 08:30:20 UTC
CVE-2023-23005

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23005
https://www.cve.org/CVERecord?id=CVE-2023-23005
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee
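The bug class described above, as an added userspace example that is not kernel code and not part of the original report: an allocator that signals failure with an error pointer, checked once against NULL and once with IS_ERR(). The ERR_PTR/PTR_ERR/IS_ERR helpers are re-implemented here to model the kernel's include/linux/err.h; the demo_* names, the simulate_oom switch and the sample value 1 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins modelling the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline int IS_ERR(const void *ptr)
{
    /* The top MAX_ERRNO addresses encode -errno values. */
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical type and allocator with the contract the CVE text describes:
 * failure is reported as an error pointer, never as NULL. */
struct demo_type { int adistance; };

static struct demo_type *demo_alloc_type(int adistance, int simulate_oom)
{
    struct demo_type *t = simulate_oom ? NULL : malloc(sizeof(*t));
    if (!t)
        return ERR_PTR(-ENOMEM);
    t->adistance = adistance;
    return t;
}

/* Misinterpreting caller: a NULL test never sees the error pointer. */
static int null_check_detects_failure(int simulate_oom)
{
    struct demo_type *t = demo_alloc_type(1, simulate_oom);
    int detected = (t == NULL);
    if (!IS_ERR(t))
        free(t);
    return detected;
}

/* Correct caller: IS_ERR() matches the allocator's contract. */
static int is_err_check_detects_failure(int simulate_oom)
{
    struct demo_type *t = demo_alloc_type(1, simulate_oom);
    if (IS_ERR(t))
        return 1;
    free(t);
    return 0;
}

int main(void)
{
    printf("simulated failure: NULL check detects=%d, IS_ERR detects=%d\n",
           null_check_detects_failure(1), is_err_check_detects_failure(1));
    return 0;
}
```

With the NULL check, a failed allocation falls through and the caller would go on to use the error pointer as if it were a valid object; the IS_ERR() check stops at the failure.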
Fixing commit:
https://github.com/torvalds/linux/commit/4a625ceee8a0ab0273534cb6b432ce6b331db5ee

Commit introducing the issue:
https://github.com/torvalds/linux/commit/7b88bda3761b95856cf97822efe8281c8100067b

Affected:
- SLE15-SP5
- SLE15-SP5-AZURE
- SLE15-SP5-RT
- SLE15-SP5-GA

Not affected:
- SLE12-SP5
- SLE15-SP4-AZURE
- SLE15-SP4-RT
- SLE15-SP4
- cve/linux-3.0
- cve/linux-4.12
- cve/linux-4.4
- cve/linux-5.3
- stable
alloc_memory_type will return an error type only if the allocation fails. That is struct memory_dev_type allocation failure. That is a sub PAGE_SIZE allocation and those do not really fail. This is a real high bar to meet and it is not really easy to be triggerable by the userspace. In this case all callers are from an early init code (memory_tier_init resp. dax_kmem_init) and we can safely rule out those failures.

All that being said, I do not think there are any security consequences here. The patch is mostly cosmetic. Can we dispute this CVE? You can use the above reasoning to justify it. Let me know if there are any questions.
will do, thanks!
closing, invalid