Message-ID: <2024052118-CVE-2023-52864-15cd@gregkh>
Date: Tue, 21 May 2024 17:32:40 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2023-52864: platform/x86: wmi: Fix opening of char device
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: wmi: Fix opening of char device

Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via
file private data"), the miscdevice stores a pointer to itself inside
filp->private_data, which means that private_data will not be NULL when
wmi_char_open() is called. This might cause memory corruption should
wmi_char_open() be unable to find its driver, something which can
happen when the associated WMI device is deleted in wmi_free_devices().

Fix the problem by using the miscdevice pointer to retrieve the WMI
device data associated with a char device using container_of(). This
also avoids wmi_char_open() picking a wrong WMI device bound to a
driver with the same name as the original driver.

The Linux kernel CVE team has assigned CVE-2023-52864 to this issue.

Affected and fixed versions
===========================
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 4.19.299 with commit cf098e937dd1
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 5.4.261 with commit 9fb0eed09e14
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 5.10.201 with commit d426a2955e45
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 5.15.139 with commit e0bf076b734a
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 6.1.63 with commit 44a96796d258
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 6.5.12 with commit 36d85fa7ae0d
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 6.6.2 with commit fb7b06b59c68
Issue introduced in 4.15 with commit 44b6b7661132 and fixed in 6.7 with commit eba9ac7abab9
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52864
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============
The file(s) affected by this issue are:
drivers/platform/x86/wmi.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6
https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203
https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453
https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097
https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e
https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e
https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3
https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6
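
The pattern the description refers to, as an added userspace example (not the kernel's code and not part of the original message): a simplified model of a by-name lookup that relies on private_data being NULL, next to the container_of() approach. The struct layouts, `open_by_name()`, `open_by_container()`, `resolves_owner()` and the `wmi-demo` name are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model: simplified stand-ins, not the kernel's definitions. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct miscdevice { const char *name; };
struct file { void *private_data; };
struct wmi_block {
	const char *driver_name;     /* NULL models "no driver to find" */
	struct miscdevice char_dev;  /* embedded, so container_of() applies */
};

/* Pre-fix pattern (assumed shape): search by name, treat NULL as "not found". */
static int open_by_name(struct file *filp, const char *name,
			struct wmi_block *list, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (list[i].driver_name && !strcmp(name, list[i].driver_name)) {
			filp->private_data = &list[i];
			break;
		}
	/* private_data was pre-set by the misc core, so this never fails. */
	return filp->private_data ? 0 : -1;
}

/* Post-fix pattern: derive the owner from the embedded miscdevice. */
static int open_by_container(struct file *filp)
{
	filp->private_data = container_of(filp->private_data,
					  struct wmi_block, char_dev);
	return 0;
}

/* Constructed scenario: open list[owner]'s char device and report whether
 * private_data ends up as the owning wmi_block (1), not (0), or refused (-1). */
int resolves_owner(int use_fix, const char *d0, const char *d1, size_t owner)
{
	struct wmi_block list[2] = { { d0, { "wmi-demo" } }, { d1, { "wmi-demo" } } };
	struct file filp = { &list[owner].char_dev };  /* as the misc core leaves it */
	if (use_fix)
		open_by_container(&filp);
	else if (open_by_name(&filp, "wmi-demo", list, 2) != 0)
		return -1;  /* open refused */
	return filp.private_data == (void *)&list[owner];
}

int main(void) { return !resolves_owner(1, "wmi-demo", "wmi-demo", 1); }
```

With the by-name pattern, the same-name case binds the file to the first block, and a failed search still reports success with private_data left pointing at the miscdevice; `resolves_owner()` returns 0 for both, and 1 for the container_of() pattern.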