Bugzilla – Bug 1215932
VUL-0: CVE-2023-4610: kernel: slab-use-after-free Read in radix_tree_lookup
Last modified: 2024-06-07 15:22:09 UTC
A use-after-free flaw was found in radix_tree_lookup in ./lib/radix-tree.c in Radix tree node cache in the Linux Kernel. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

References:
https://www.spinics.net/lists/kernel/msg4890803.html
https://www.spinics.net/lists/kernel/msg4920917.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4610
The upstream discussion can be found at https://lore.kernel.org/all/CALf2hKtDJGqmsiSykbX8EEfbthwt6a4Bs98m60dUkS7URW-C8g@mail.gmail.com/

Nobody replied, so I have just added Mathew to Cc, who should be familiar with the code.
The outcome from the upstream discussion is that the use-after-free was introduced by the commit f95bdb700bc6bb74e ("mm: vmscan: make global slab shrink lockless") in 6.4-rc1. It was reverted by the commit 71c3ad65fabec9620d ("Revert "mm: vmscan: make global slab shrink lockless"") right before releasing 6.4 final. In other words, the bug was in all 6.4-rcX releases but not in the final release. Could we please dispute the CVE?
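One way to check which side of the revert a given ref sits on, using the two commit ids quoted above. This is an added example, not part of the bug report or the kernel tree; the function names are hypothetical. It assumes a mainline-derived git checkout, since trees that cherry-pick patches under new commit ids (stable or distribution branches) need a source-level check instead.

```shell
#!/bin/sh
# Added example: classify a git ref in a mainline-derived kernel tree
# using the two commit ids quoted in the bug.
INTRO=f95bdb700bc6bb74e    # "mm: vmscan: make global slab shrink lockless"
REVERT=71c3ad65fabec9620d  # the revert of that commit

# contains REPO COMMIT REF: succeeds when COMMIT is reachable from REF.
# An unknown commit makes git exit non-zero, which is treated as "not contained".
contains() {
    git -C "$1" merge-base --is-ancestor "$2" "$3" 2>/dev/null
}

# classify REPO REF [INTRO] [REVERT]: prints one of
#   unknown-ref  REF does not resolve to a commit (returns 2)
#   not-present  the introducing commit is not in REF's history
#   affected     the introducing commit is present and the revert is not
#   reverted     both commits are present
# INTRO and REVERT default to the ids from the bug; they are parameters so
# the logic can be exercised against a constructed repository.
classify() {
    repo=$1 ref=$2 intro=${3:-$INTRO} revert=${4:-$REVERT}
    if ! git -C "$repo" rev-parse --verify --quiet "$ref^{commit}" >/dev/null; then
        echo "unknown-ref"
        return 2
    fi
    if ! contains "$repo" "$intro" "$ref"; then
        echo "not-present"
    elif contains "$repo" "$revert" "$ref"; then
        echo "reverted"
    else
        echo "affected"
    fi
}

# Usage: sh check-ref.sh /path/to/linux v6.4-rc7
if [ "$#" -ge 2 ]; then classify "$@"; fi
```

A result of `affected` for a release-candidate tag and `reverted` for the final tag is what the analysis above predicts for mainline.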
Hi Gabriele,

As Petr has mentioned, it looks like the patch that introduced this issue was briefly present in v6.4-rcX and it was reverted before v6.4-final. Let's reassign this bug to your team for further decision.

Thanks!
All done, closing.