| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091855-CVE-2023-53372-4d9e@gregkh> Date: Thu, 18 Sep 2025 15:34:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53372: sctp: fix a potential overflow in sctp_ifwdtsn_skip From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctp_ifwdtsn_skip Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only checks the pos against the end of the chunk. However, the data left for the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference it as struct sctp_ifwdtsn_skip may cause coverflow. This patch fixes it by checking the pos against "the end of the chunk - sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to sctp_fwdtsn_skip. The Linux kernel CVE team has assigned CVE-2023-53372 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 4.19.281 with commit 4fbd094d4131a10d06a45d64158567052a35b3f4 Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 5.4.241 with commit ad831a7079c99c01e801764b53bc9997c2e9c0f7 Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 5.10.178 with commit 79b28f42214a3d0d6a8c514db3602260bd5d6cb5 Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 5.15.108 with commit 6109f5b13ce3e3e537db6f18976ec0e9118d1c6f Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 6.1.25 with commit 5c9367ac5a22d71841bcd00130f9146c9b227d57 Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 6.2.12 with commit ad988e9b5ff04607e624a459209e8c2d0c15fc73 Issue introduced in 4.16 with commit 0fc2ea922c8ad5520c80f03facbf396c81dce802 and fixed in 6.3 with commit 32832a2caf82663870126c5186cf8f86c8b2a649 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53372 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/sctp/stream_interleave.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/4fbd094d4131a10d06a45d64158567052a35b3f4 https://git.kernel.org/stable/c/ad831a7079c99c01e801764b53bc9997c2e9c0f7 https://git.kernel.org/stable/c/79b28f42214a3d0d6a8c514db3602260bd5d6cb5 https://git.kernel.org/stable/c/6109f5b13ce3e3e537db6f18976ec0e9118d1c6f https://git.kernel.org/stable/c/5c9367ac5a22d71841bcd00130f9146c9b227d57 https://git.kernel.org/stable/c/ad988e9b5ff04607e624a459209e8c2d0c15fc73 https://git.kernel.org/stable/c/32832a2caf82663870126c5186cf8f86c8b2a649
Powered by blists - more mailing lists