| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123037-CVE-2023-54317-4750@gregkh> Date: Tue, 30 Dec 2025 13:24:10 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54317: dm flakey: don't corrupt the zero page From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-flakey with corrupt bio writes option, it will corrupt the content of the zero page which results in crashes of various userspace programs. Glibc assumes that memory returned by mmap is zeroed and it uses it for calloc implementation; if the newly mapped memory is not zeroed, calloc will return non-zeroed memory. Fix this bug by testing if the page is equal to ZERO_PAGE(0) and avoiding the corruption in this case. The Linux kernel CVE team has assigned CVE-2023-54317 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14.158 with commit c6cd92fcabd6cc78bb1808c6a18245c842722fc1 and fixed in 4.14.308 with commit b7f8892f672222dbfcc721f51edc03963212b249 Issue introduced in 4.19.88 with commit d4c637af2e56ee1ec66ee34d0ac5a13c75911aec and fixed in 4.19.276 with commit 98e311be44dbe31ad9c42aa067b2359bac451fda Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 5.4.235 with commit 3c4a56ef7c538d16c1738ba0ccea9e7146105b5a Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 5.10.173 with commit f2b478228bfdd11e358c5bc197561331f5d5c394 Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 5.15.99 with commit ff60b2bb680ebcaf8890814dd51084a022891469 Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 6.1.16 with commit be360c83f2d810493c04f999d69ec9152981e0c0 Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 6.2.3 with commit 63d31617883d64b43b0e2d529f0751f40713ecae Issue introduced in 5.0 with commit a00f5276e26636cbf72f24f79831026d2e2868e7 and fixed in 6.3 with commit f50714b57aecb6b3dc81d578e295f86d9c73f078 Issue introduced in 4.9.206 with commit 1ed7c9f45fb893877ffa7cedd7aa61beaadbb328 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54317 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/md/dm-flakey.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b7f8892f672222dbfcc721f51edc03963212b249 https://git.kernel.org/stable/c/98e311be44dbe31ad9c42aa067b2359bac451fda https://git.kernel.org/stable/c/3c4a56ef7c538d16c1738ba0ccea9e7146105b5a https://git.kernel.org/stable/c/f2b478228bfdd11e358c5bc197561331f5d5c394 https://git.kernel.org/stable/c/ff60b2bb680ebcaf8890814dd51084a022891469 https://git.kernel.org/stable/c/be360c83f2d810493c04f999d69ec9152981e0c0 https://git.kernel.org/stable/c/63d31617883d64b43b0e2d529f0751f40713ecae https://git.kernel.org/stable/c/f50714b57aecb6b3dc81d578e295f86d9c73f078
Powered by blists - more mailing lists