| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052120-CVE-2023-52872-48fd@gregkh> Date: Tue, 21 May 2024 17:32:48 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52872: tty: n_gsm: fix race condition in status line change on dead connections Description =========== In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data queues. This procedure, however, may cause subsequent changes of the virtual modem status lines of a DLCI. More data is being added the outgoing data queue and the deleted kick timer is restarted to handle this. At this point many resources have already been removed by the cleanup procedure. Thus, a kernel panic occurs. Fix this by proving in gsm_modem_update() that the cleanup procedure has not been started and the mux is still alive. Note that writing to a virtual tty is already protected by checks against the DLCI specific connection state. The Linux kernel CVE team has assigned CVE-2023-52872 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.61 with commit dd37f6573878 and fixed in 5.15.138 with commit 81a4dd5e6c78 Issue introduced in 6.0 with commit c568f7086c6e and fixed in 6.1.62 with commit df6cfab66ff2 Issue introduced in 6.0 with commit c568f7086c6e and fixed in 6.5.11 with commit 19d34b73234a Issue introduced in 6.0 with commit c568f7086c6e and fixed in 6.6.1 with commit ce4df90333c4 Issue introduced in 6.0 with commit c568f7086c6e and fixed in 6.7 with commit 3a75b205de43 Issue introduced in 5.18.18 with commit d834aba5f30d Issue introduced in 5.19.2 with commit 692e847a8e66 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52872 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/n_gsm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/81a4dd5e6c78f5d8952fa8c9d36565db1fe01444 https://git.kernel.org/stable/c/df6cfab66ff2a44bd23ad5dd5309cb3421bb6593 https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890 https://git.kernel.org/stable/c/ce4df90333c4fe65acb8b5089fdfe9b955ce976a https://git.kernel.org/stable/c/3a75b205de43365f80a33b98ec9289785da56243
Powered by blists - more mailing lists