| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091556-CVE-2023-53181-608c@gregkh> Date: Mon, 15 Sep 2025 16:02:35 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53181: dma-buf/dma-resv: Stop leaking on krealloc() failure From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. The Linux kernel CVE team has assigned CVE-2023-53181 to this issue. Affected and fixed versions =========================== Issue introduced in 5.16 with commit d3c80698c9f58a0683badf78793eebaa0c71afbd and fixed in 6.1.42 with commit 19e7b9f1f7e1cb92a4cc53b4c064f7fb4b1f1983 Issue introduced in 5.16 with commit d3c80698c9f58a0683badf78793eebaa0c71afbd and fixed in 6.4.7 with commit 819656cc03dec7f7f7800274dfbc8eb49f888e9f Issue introduced in 5.16 with commit d3c80698c9f58a0683badf78793eebaa0c71afbd and fixed in 6.5 with commit 05abb3be91d8788328231ee02973ab3d47f5e3d2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53181 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/dma-buf/dma-resv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/19e7b9f1f7e1cb92a4cc53b4c064f7fb4b1f1983 https://git.kernel.org/stable/c/819656cc03dec7f7f7800274dfbc8eb49f888e9f https://git.kernel.org/stable/c/05abb3be91d8788328231ee02973ab3d47f5e3d2
Powered by blists - more mailing lists