Bug 1224658 (CVE-2024-35923) - VUL-0: REJECTED: CVE-2024-35923: kernel: io_uring: clear opcode specific data for an early failure
Summary: VUL-0: REJECTED: CVE-2024-35923: kernel: io_uring: clear opcode specific data...
Status: RESOLVED INVALID
Alias: CVE-2024-35923
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Gabriel Krisman Bertazi
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/406613/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-35923:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-20 16:04 UTC by SMASH SMASH
Modified: 2024-05-27 07:48 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-20 16:04:11 UTC 
In the Linux kernel, the following vulnerability has been resolved:

io_uring: clear opcode specific data for an early failure

If failure happens before the opcode prep handler is called, ensure that
we clear the opcode specific area of the request, which holds data
specific to that request type. This prevents errors where opcode
handlers either don't get to clear per-request private data since prep
isn't even called.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35923
https://www.cve.org/CVERecord?id=CVE-2024-35923
https://git.kernel.org/stable/c/21162ad2de7446438cbd6224b3794a375bcb24df
https://git.kernel.org/stable/c/5245a6da27ef79f8dba98dad5542ebe56d311837
https://git.kernel.org/stable/c/cb1cd176e0b431644653a7fa8691a1aaf7be98da
https://git.kernel.org/stable/c/e21e1c45e1fe2e31732f40256b49c04e76a17cee
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35923.mbox
Comment 2 Andrea Mattiazzo 2024-05-27 07:48:22 UTC 
CVE is now rejected: https://lore.kernel.org/linux-cve-announce/2024052529-REJECTED-1f0b@gregkh/