| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100112-CVE-2023-53480-95ab@gregkh>
Date: Wed, 1 Oct 2025 13:42:50 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53480: kobject: Add sanity check for kset->kobj.ktype in kset_register()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
kobject: Add sanity check for kset->kobj.ktype in kset_register()
When I register a kset in the following way:
static struct kset my_kset;
kobject_set_name(&my_kset.kobj, "my_kset");
ret = kset_register(&my_kset);
A null pointer dereference exception is occurred:
[ 4453.568337] Unable to handle kernel NULL pointer dereference at \
virtual address 0000000000000028
... ...
[ 4453.810361] Call trace:
[ 4453.813062] kobject_get_ownership+0xc/0x34
[ 4453.817493] kobject_add_internal+0x98/0x274
[ 4453.822005] kset_register+0x5c/0xb4
[ 4453.825820] my_kobj_init+0x44/0x1000 [my_kset]
... ...
Because I didn't initialize my_kset.kobj.ktype.
According to the description in Documentation/core-api/kobject.rst:
- A ktype is the type of object that embeds a kobject. Every structure
that embeds a kobject needs a corresponding ktype.
So add sanity check to make sure kset->kobj.ktype is not NULL.
The Linux kernel CVE team has assigned CVE-2023-53480 to this issue.
Affected and fixed versions
===========================
Fixed in 4.14.326 with commit 1792eac72e27f676bf9ebde28a5afea627fb85f0
Fixed in 4.19.295 with commit 039ec9db2d30032eafa365f5f89b30eca5322b05
Fixed in 5.4.257 with commit 964e025ceefdf75da46b0133d0c2790de451aeec
Fixed in 5.10.197 with commit 5df5829158513134ddcaf2184d9286eda7b0bb18
Fixed in 5.15.133 with commit f3f6bf22a4f5ba649cf26ae4670de5c7f861bdef
Fixed in 6.1.55 with commit 48aebbe801e78a8932404c122ed0e880ccedc220
Fixed in 6.5.5 with commit 1a772881bc059c596d8ca587cbd2a233edce3d3b
Fixed in 6.6 with commit 4d0fe8c52bb3029d83e323c961221156ab98680b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53480
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
lib/kobject.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/1792eac72e27f676bf9ebde28a5afea627fb85f0
https://git.kernel.org/stable/c/039ec9db2d30032eafa365f5f89b30eca5322b05
https://git.kernel.org/stable/c/964e025ceefdf75da46b0133d0c2790de451aeec
https://git.kernel.org/stable/c/5df5829158513134ddcaf2184d9286eda7b0bb18
https://git.kernel.org/stable/c/f3f6bf22a4f5ba649cf26ae4670de5c7f861bdef
https://git.kernel.org/stable/c/48aebbe801e78a8932404c122ed0e880ccedc220
https://git.kernel.org/stable/c/1a772881bc059c596d8ca587cbd2a233edce3d3b
https://git.kernel.org/stable/c/4d0fe8c52bb3029d83e323c961221156ab98680b
Powered by blists - more mailing lists