1225234 – (CVE-2023-52734) VUL-0: REJECTED: CVE-2023-52734: kernel: net: sched: sch: Bounds check priority

Bug 1225234 (CVE-2023-52734) - VUL-0: REJECTED: CVE-2023-52734: kernel: net: sched: sch: Bounds check priority

Summary: VUL-0: REJECTED: CVE-2023-52734: kernel: net: sched: sch: Bounds check priority

Status:	RESOLVED INVALID

Alias:	CVE-2023-52734

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/407187/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-24 14:46 UTC by SMASH SMASH
Modified:	2024-05-29 09:35 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-24 14:46:52 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sch: Bounds check priority

Nothing was explicitly bounds checking the priority index used to access
clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13:

../net/sched/sch_htb.c: In function 'htb_activate_prios':
../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=]
  437 |                         if (p->inner.clprio[prio].feed.rb_node)
      |                             ~~~~~~~~~~~~~~~^~~~~~
../net/sched/sch_htb.c:131:41: note: while referencing 'clprio'
  131 |                         struct htb_prio clprio[TC_HTB_NUMPRIO];
      |                                         ^~~~~~

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52734
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52734.mbox
https://git.kernel.org/stable/c/fbe71c5dacaa5a9960323215f118958174c81aa0
https://git.kernel.org/stable/c/90fcf55d83b20da1091f926a291af05fb74f61c6
https://git.kernel.org/stable/c/99875ea9b5b47995bfb3c684d21eb17feb4b7e6a
https://git.kernel.org/stable/c/f6415c9c9a0b3881543d38528a58b54af4351522
https://git.kernel.org/stable/c/de5ca4c3852f896cacac2bf259597aab5e17d9e3
https://www.cve.org/CVERecord?id=CVE-2023-52734

Comment 2 Michal Hocko 2024-05-28 07:54:23 UTC

The issue doesn't really seem to be a real problem as per https://lore.kernel.org/all/Y9V3mBmLUcrEdrTV@pop-os.localdomain/

I have raised this https://lore.kernel.org/all/ZlWNaIMC3NCkIFxv@tiehlicka/T/#u

AFAICS this CVE is just invalid.

Comment 3 Andrea Mattiazzo 2024-05-29 09:35:02 UTC

CVE is now rejected: https://lore.kernel.org/linux-cve-announce/2024052800-REJECTED-1242@gregkh/