Message-ID: <2025100427-CVE-2023-53590-9f1d@gregkh>
Date: Sat, 4 Oct 2025 17:51:44 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53590: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
With this refcnt added in sctp_stream_priorities, we don't need to
traverse all streams to check if the prio is used by other streams
when freeing one stream's prio in sctp_sched_prio_free_sid(). This
can avoid a nested loop (up to 65535 * 65535), which may cause a
hang, as Ying reported:
watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136]
Call Trace:
<TASK>
sctp_sched_prio_free_sid+0xab/0x100 [sctp]
sctp_stream_free_ext+0x64/0xa0 [sctp]
sctp_stream_free+0x31/0x50 [sctp]
sctp_association_free+0xa5/0x200 [sctp]
Note that this counter doesn't need to use the refcount_t type,
as access to it is always protected by the sock lock.
v1->v2:
- add a check in sctp_sched_prio_set to avoid the possible prio_head
refcnt overflow.
The Linux kernel CVE team has assigned CVE-2023-53590 to this issue.
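The two approaches described in the commit message above, as an added illustration that is not the kernel's code: a constructed, simplified model in which several outgoing streams share one priority head, showing the pre-fix scan over all streams beside the refcount-based release and the v2 overflow check. Struct and function names are assumptions for this example.

```c
#include <stdlib.h>
#include <limits.h>

/* Constructed, simplified model of the SCTP prio scheduler; names and types are illustrative. */
struct prio_head {
	unsigned short prio;
	unsigned int users;	/* the refcnt the fix adds; guarded by the sock lock */
};

struct stream { struct prio_head *head; };	/* NULL: no prio assigned */
struct stream_set { struct stream *out; size_t outcnt; };

/* Pre-fix logic: scan every stream to see if the head is still shared; done once per stream at teardown, this is O(outcnt^2). */
static int prio_shared_by_scan(const struct stream_set *s, size_t sid)
{
	const struct prio_head *h = s->out[sid].head;
	for (size_t i = 0; i < s->outcnt; i++)
		if (i != sid && s->out[i].head == h)
			return 1;
	return 0;
}

/* Post-fix logic: drop one reference and free the head on the last one; returns 1 when the head was actually freed. */
static int prio_free_sid(struct stream_set *s, size_t sid)
{
	struct prio_head *h = s->out[sid].head;
	if (!h)
		return 0;
	s->out[sid].head = NULL;
	if (--h->users == 0) {
		free(h);
		return 1;
	}
	return 0;
}

/* Point stream sid at head h; refuses when the counter would wrap (the v2 check). */
static int prio_set(struct stream_set *s, size_t sid, struct prio_head *h)
{
	if (s->out[sid].head == h)
		return 0;
	if (h->users == UINT_MAX)
		return -1;	/* refcnt overflow: reject instead of wrapping */
	prio_free_sid(s, sid);	/* release the previous head, if any */
	h->users++;
	s->out[sid].head = h;
	return 0;
}
```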
Affected and fixed versions
===========================
Issue introduced in 5.4.226 with commit a7555681e50bdebed2c40ff7404ee73c2e932993 and fixed in 5.4.235 with commit cec326443f01283ef68ea00c06ea073b1835a562
Issue introduced in 5.10.158 with commit 176ee6c673ccd118e9392fd2dbb165423bdb99ca and fixed in 5.10.173 with commit 8ee401f89cdb10f39098c0656d695b2bc4052100
Issue introduced in 5.15.82 with commit 0dfb9a566327182387c90100ea54d8426cee8c67 and fixed in 5.15.100 with commit bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
Issue introduced in 6.1 with commit 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 and fixed in 6.1.18 with commit 03c3a5584a0a29821e59b7834635ce823050caaa
Issue introduced in 6.1 with commit 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 and fixed in 6.2.5 with commit 6d529928ea212127851a2df8c40d822237ca946b
Issue introduced in 6.1 with commit 9ed7bfc79542119ac0a9e1ce8a2a5285e43433e9 and fixed in 6.3 with commit 68ba44639537de6f91fe32783766322d41848127
Issue introduced in 6.0.12 with commit fa20f88271259d42ebe66f0a8c4c20199e888c99
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53590
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
include/net/sctp/structs.h
net/sctp/stream_sched_prio.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/cec326443f01283ef68ea00c06ea073b1835a562
https://git.kernel.org/stable/c/8ee401f89cdb10f39098c0656d695b2bc4052100
https://git.kernel.org/stable/c/bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
https://git.kernel.org/stable/c/03c3a5584a0a29821e59b7834635ce823050caaa
https://git.kernel.org/stable/c/6d529928ea212127851a2df8c40d822237ca946b
https://git.kernel.org/stable/c/68ba44639537de6f91fe32783766322d41848127