1224599 – (CVE-2023-52665) VUL-0: CVE-2023-52665: kernel: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

Bug 1224599 (CVE-2023-52665) - VUL-0: CVE-2023-52665: kernel: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

Summary: VUL-0: CVE-2023-52665: kernel: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIA...

Status:	RESOLVED FIXED

Alias:	CVE-2023-52665

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/406450/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-52665:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-20 15:30 UTC by SMASH SMASH
Modified:	2024-06-10 12:23 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-20 15:30:00 UTC

In the Linux kernel, the following vulnerability has been resolved:

powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2

Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian
builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way
that is incompatible with the current code for the PS3's LV1 hypervisor
calls.

This change just adds the line '# CONFIG_PPC64_BIG_ENDIAN_ELF_ABI_V2 is not set'
to the ps3_defconfig file so that the PPC64_ELF_ABI_V1 is used.

Fixes run time errors like these:

  BUG: Kernel NULL pointer dereference at 0x00000000
  Faulting instruction address: 0xc000000000047cf0
  Oops: Kernel access of bad area, sig: 11 [#1]
  Call Trace:
  [c0000000023039e0] [c00000000100ebfc] ps3_create_spu+0xc4/0x2b0 (unreliable)
  [c000000002303ab0] [c00000000100d4c4] create_spu+0xcc/0x3c4
  [c000000002303b40] [c00000000100eae4] ps3_enumerate_spus+0xa4/0xf8

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52665
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52665.mbox
https://git.kernel.org/stable/c/f70557d48215b14a9284ac3a6ae7e4ee1d039f10
https://git.kernel.org/stable/c/d0f0780f03df54d08ced118d27834ee5008724e4
https://git.kernel.org/stable/c/482b718a84f08b6fc84879c3e90cc57dba11c115
https://www.cve.org/CVERecord?id=CVE-2023-52665
https://bugzilla.redhat.com/show_bug.cgi?id=2281354

Comment 1 Joey Lee 2024-05-21 08:49:02 UTC

https://www.suse.com/security/cve/CVE-2023-52665.html
cvss 5.5

Comment 2 Michal Suchanek 2024-05-21 11:30:19 UTC

We do not support PS3 nor bigendian with any Linux kernel after 3.0.

Comment 4 Gabriele Sonnu 2024-06-10 12:23:27 UTC

All done, closing.