| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091557-CVE-2023-53184-3b7a@gregkh> Date: Mon, 15 Sep 2025 16:02:38 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53184: arm64/sme: Set new vector length before reallocating From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating As part of fixing the allocation of the buffer for SVE state when changing SME vector length we introduced an immediate reallocation of the SVE state, this is also done when changing the SVE vector length for consistency. Unfortunately this reallocation is done prior to writing the new vector length to the task struct, meaning the allocation is done with the old vector length and can lead to memory corruption due to an undersized buffer being used. Move the update of the vector length before the allocation to ensure that the new vector length is taken into account. For some reason this isn't triggering any problems when running tests on the arm64 fixes branch (even after repeated tries) but is triggering issues very often after merge into mainline. The Linux kernel CVE team has assigned CVE-2023-53184 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.42 with commit aa5cf8bd1318b6e7d500668b318c07a71cde783b and fixed in 6.1.43 with commit 356e711640aea6ed145da9407499388b45264cb4 Issue introduced in 6.4.7 with commit 292f0453b0d021bb1d3f64648bfdfca093512214 and fixed in 6.4.8 with commit 807ada0e4aa3c9090c66009a99fa530c462012c9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53184 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm64/kernel/fpsimd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/356e711640aea6ed145da9407499388b45264cb4 https://git.kernel.org/stable/c/807ada0e4aa3c9090c66009a99fa530c462012c9 https://git.kernel.org/stable/c/05d881b85b48c7ac6a7c92ce00aa916c4a84d052
Powered by blists - more mailing lists