lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050215-CVE-2023-53075-6770@gregkh> Date: Fri, 2 May 2025 17:55:40 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53075: ftrace: Fix invalid address access in lookup_rec() when index is 0 From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0. The Linux kernel CVE team has assigned CVE-2023-53075 to this issue. Affected and fixed versions =========================== Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 4.14.311 with commit 2de28e5ce34b22b73b833a21e2c45ae3aade3964 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 4.19.279 with commit 7569ee04b0e3b32df79f64db3a7138573edad9bc Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 5.4.238 with commit ac58b88ccbbb8e9fb83e137cee04a856b1ea6635 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 5.10.176 with commit 83c3b2f4e7c61367c7b24551f4c6eb94bbdda283 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 5.15.104 with commit 2a0d71fabfeb349216d33f001a6421b1768bd3a9 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 6.1.21 with commit 4f84f31f63416b0f02fc146ffdc4ab32723eb7e8 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 6.2.8 with commit f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4 Issue introduced in 3.5 with commit 9644302e3315e7e36495d230d5ac7125a316d33e and fixed in 6.3 with commit ee92fa443358f4fc0017c1d0d325c27b37802504 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53075 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/trace/ftrace.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964 https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635 https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283 https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9 https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8 https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4 https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504
Powered by blists - more mailing lists