| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050204-CVE-2023-53047-7e31@gregkh>
Date: Fri, 2 May 2025 17:55:12 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53047: tee: amdtee: fix race condition in amdtee_open_session
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
tee: amdtee: fix race condition in amdtee_open_session
There is a potential race condition in amdtee_open_session that may
lead to use-after-free. For instance, in amdtee_open_session() after
sess->sess_mask is set, and before setting:
sess->session_info[i] = session_info;
if amdtee_close_session() closes this same session, then 'sess' data
structure will be released, causing kernel panic when 'sess' is
accessed within amdtee_open_session().
The solution is to set the bit sess->sess_mask as the last step in
amdtee_open_session().
The Linux kernel CVE team has assigned CVE-2023-53047 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.6 with commit 757cc3e9ff1d72d014096399d6e2bf03974d9da1 and fixed in 5.10.177 with commit f632a90f8e39db39b322107b9a8d438b826a7f4f
Issue introduced in 5.6 with commit 757cc3e9ff1d72d014096399d6e2bf03974d9da1 and fixed in 5.15.105 with commit 02b296978a2137d7128151c542e84dc96400bc00
Issue introduced in 5.6 with commit 757cc3e9ff1d72d014096399d6e2bf03974d9da1 and fixed in 6.1.22 with commit a63cce9393e4e7dbc5af82dc87e68cb321cb1a78
Issue introduced in 5.6 with commit 757cc3e9ff1d72d014096399d6e2bf03974d9da1 and fixed in 6.2.9 with commit b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35
Issue introduced in 5.6 with commit 757cc3e9ff1d72d014096399d6e2bf03974d9da1 and fixed in 6.3 with commit f8502fba45bd30e1a6a354d9d898bc99d1a11e6d
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53047
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/tee/amdtee/core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/f632a90f8e39db39b322107b9a8d438b826a7f4f
https://git.kernel.org/stable/c/02b296978a2137d7128151c542e84dc96400bc00
https://git.kernel.org/stable/c/a63cce9393e4e7dbc5af82dc87e68cb321cb1a78
https://git.kernel.org/stable/c/b3ef9e6fe09f1a132af28c623edcf4d4f39d9f35
https://git.kernel.org/stable/c/f8502fba45bd30e1a6a354d9d898bc99d1a11e6d
Powered by blists - more mailing lists