| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050203-CVE-2023-53044-2d25@gregkh> Date: Fri, 2 May 2025 17:55:09 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53044: dm stats: check for and propagate alloc_percpu failure From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. The Linux kernel CVE team has assigned CVE-2023-53044 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 4.14.312 with commit 2287d7b721471a3d58bcd829250336e3cdf1635e Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 4.19.280 with commit 0d96bd507ed7e7d565b6d53ebd3874686f123b2e Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 5.4.240 with commit 4a32a9a818a895671bd43e0c40351e60e4e9140b Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 5.10.177 with commit c68f08cc745675a17894e1b4a5b5b9700ace6da4 Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 5.15.105 with commit 443c9d522397511a4328dc2ec3c9c63c73049756 Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 6.1.22 with commit a42180dd361584816bfe15c137b665699b994d90 Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 6.2.9 with commit 5b66e36a3efd24041b7374432bfa4dec2ff01e95 Issue introduced in 3.12 with commit fd2ed4d252701d3bbed4cd3e3d267ad469bb832a and fixed in 6.3 with commit d3aa3e060c4a80827eb801fc448debc9daa7c46b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53044 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm-stats.c drivers/md/dm-stats.h drivers/md/dm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2287d7b721471a3d58bcd829250336e3cdf1635e https://git.kernel.org/stable/c/0d96bd507ed7e7d565b6d53ebd3874686f123b2e https://git.kernel.org/stable/c/4a32a9a818a895671bd43e0c40351e60e4e9140b https://git.kernel.org/stable/c/c68f08cc745675a17894e1b4a5b5b9700ace6da4 https://git.kernel.org/stable/c/443c9d522397511a4328dc2ec3c9c63c73049756 https://git.kernel.org/stable/c/a42180dd361584816bfe15c137b665699b994d90 https://git.kernel.org/stable/c/5b66e36a3efd24041b7374432bfa4dec2ff01e95 https://git.kernel.org/stable/c/d3aa3e060c4a80827eb801fc448debc9daa7c46b
Powered by blists - more mailing lists