| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091513-CVE-2023-53224-190d@gregkh> Date: Mon, 15 Sep 2025 16:21:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53224: ext4: Fix function prototype mismatch for ext4_feat_ktype From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. ext4_feat_ktype was setting the "release" handler to "kfree", which doesn't have a matching function prototype. Add a simple wrapper with the correct prototype. This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches. Note that this code is only reached when ext4 is a loadable module and it is being unloaded: CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698) ... RIP: 0010:kobject_put+0xbb/0x1b0 ... Call Trace: <TASK> ext4_exit_sysfs+0x14/0x60 [ext4] cleanup_module+0x67/0xedb [ext4] The Linux kernel CVE team has assigned CVE-2023-53224 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 4.19.274 with commit 2b69cdd9f9a7f596e3dd31f05f9852940d177924 Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 5.4.233 with commit 99e3fd21f8fc975c95e8cf76fbf6a3d2656f8f71 Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 5.10.170 with commit 1ba10d3640e9783dad811fe4e24d55465c37c64d Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 5.15.96 with commit c98077f7598a562f51051eec043be0cb3e1b1b5e Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 6.1.14 with commit 0a1394e07c5d6bf1bfc25db8589ff1b1bfb6f46a Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 6.2.1 with commit 94d8de83286fb1827340eba35b61c308f6b46ead Issue introduced in 4.16 with commit b99fee58a20ab8e0557cce87b6f187e325993142 and fixed in 6.3 with commit 118901ad1f25d2334255b3d50512fa20591531cd Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53224 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext4/sysfs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2b69cdd9f9a7f596e3dd31f05f9852940d177924 https://git.kernel.org/stable/c/99e3fd21f8fc975c95e8cf76fbf6a3d2656f8f71 https://git.kernel.org/stable/c/1ba10d3640e9783dad811fe4e24d55465c37c64d https://git.kernel.org/stable/c/c98077f7598a562f51051eec043be0cb3e1b1b5e https://git.kernel.org/stable/c/0a1394e07c5d6bf1bfc25db8589ff1b1bfb6f46a https://git.kernel.org/stable/c/94d8de83286fb1827340eba35b61c308f6b46ead https://git.kernel.org/stable/c/118901ad1f25d2334255b3d50512fa20591531cd
Powered by blists - more mailing lists