| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052102-CVE-2023-52811-2a5f@gregkh> Date: Tue, 21 May 2024 17:31:47 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52811: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action. The Linux kernel CVE team has assigned CVE-2023-52811 to this issue. Affected and fixed versions =========================== Fixed in 5.15.140 with commit e1d1f79b1929 Fixed in 6.1.64 with commit 88984ec47927 Fixed in 6.5.13 with commit d2af4ef80601 Fixed in 6.6.3 with commit 8bbe784c2ff2 Fixed in 6.7 with commit b39f2d10b86d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52811 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/ibmvscsi/ibmvfc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0 https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4 https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8 https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f
Powered by blists - more mailing lists