lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024030253-CVE-2023-52522-6abd@gregkh> Date: Sat, 2 Mar 2024 22:53:06 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52522: net: fix possible store tearing in neigh_periodic_work() Description =========== In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item from a list. Readers use rcu_deference(*np), we need to use either rcu_assign_pointer() or WRITE_ONCE() on writer side to prevent store tearing. I use rcu_assign_pointer() to have lockdep support, this was the choice made in neigh_flush_dev(). The Linux kernel CVE team has assigned CVE-2023-52522 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 5.4.258 with commit 95eabb075a59 Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 5.10.198 with commit 2ea52a2fb8e8 Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 5.15.135 with commit 147d89ee4143 Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 6.1.57 with commit f82aac816287 Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 6.5.7 with commit a75152d23337 Issue introduced in 2.6.37 with commit 767e97e1e0db and fixed in 6.6 with commit 25563b581ba3 Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52522 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/core/neighbour.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af https://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0 https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa https://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580 https://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc https://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd
Powered by blists - more mailing lists