Bugzilla – Bug 1210781
VUL-0: CVE-2023-31082: kernel: drivers/tty/n_gsm.c sleeping function called from an invalid context in gsmld_write
Last modified: 2024-05-07 09:09:54 UTC
CVE-2023-31082 An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31082 https://www.cve.org/CVERecord?id=CVE-2023-31082 https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/
Another instance of syzkaller crash => CVE logic :-| This time in tty. Jiri, can you please have a look?
(In reply to Jan Kara from comment #2) > Jiri, can you please have a look? I already did :): https://lore.kernel.org/all/5a994a13-d1f2-87a8-09e4-a877e65ed166@kernel.org/ It is not easy to fix. n_gsm is a mess. We can apply a workaround to disallow n_gsm for virtual terminals. I assume n_gsm is used only for real lines.
Still, I am not aware of a working fix, nor that someone is (or even is able to) working on this upstream.
This is a non-issue and does not warrant a CVE at all. Assigning n_gsm to a console equals shooting to a foot. I forgot the process, how can we dispute a CVE? Can we just close this as WONTFIX? Or do we have to ^^ first?
(In reply to Jiri Slaby from comment #9) > I forgot the process, how can we dispute a CVE? Hopefully, I enqueued a request to dispute the CVE.
Usually we just ask security-team and someone from them handles the disputation process...
(In reply to Jiri Slaby from comment #9) > This is a non-issue and does not warrant a CVE at all. > > Assigning n_gsm to a console equals shooting to a foot. > > I forgot the process, how can we dispute a CVE? ^^
(In reply to Jan Kara from comment #11) > Usually we just ask security-team and someone from them handles the > disputation process... Could I maybe get a more detailed comment then: > Assigning n_gsm to a console equals shooting to a foot. I need to provide some reasoning to revoking the CVE, not sure this would be enough to understand that this is not an issue ;)
(In reply to Robert Frohl from comment #13) > > Assigning n_gsm to a console equals shooting to a foot. > > I need to provide some reasoning to revoking the CVE, not sure this would be > enough to understand that this is not an issue ;) First, the operation to assign a line discipline to a tty requires root privileges. So how comes this is reported as a security issue in the first place? Second, assigning n_gsm to a console (/dev/tty[0-9]* and similar) is not supported -- why would anyone want to do that? So since the syzkaller report is based on this invalid setup, the report is all wrong.