Bug 1220318 (CVE-2023-52459) - VUL-0: CVE-2023-52459: kernel-source,kernel-source-azure,kernel-source-rt: v4l: async: Fix duplicated list deletion
Summary: VUL-0: CVE-2023-52459: kernel-source,kernel-source-azure,kernel-source-rt: v4...
Status: RESOLVED FIXED
Alias: CVE-2023-52459
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394972/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-26 08:50 UTC by SMASH SMASH
Modified: 2024-06-10 12:24 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-26 08:50:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

media: v4l: async: Fix duplicated list deletion

The list deletion call dropped here is already called from the
helper function in the line before. Having a second list_del()
call results in either a warning (with CONFIG_DEBUG_LIST=y):

list_del corruption, c46c8198->next is LIST_POISON1 (00000100)

If CONFIG_DEBUG_LIST is disabled the operation results in a
kernel error due to NULL pointer dereference.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52459
https://www.cve.org/CVERecord?id=CVE-2023-52459
https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2
https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e
https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91
https://bugzilla.redhat.com/show_bug.cgi?id=2265795
Comment 1 Thomas Leroy 2024-02-26 08:52:30 UTC 
Buggy commit is only on stable, which already has the fix, just a changelog update is left to do
Comment 4 Gabriele Sonnu 2024-06-10 12:24:10 UTC 
All done, closing.