CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52483 – mctp: perform route lookups under a RCU read-side lock
https://notcve.org/view.php?id=CVE-2023-52483
In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups (mctp_route_lookup and mctp_route_lookup_null) traverse the net's route list without the RCU read lock held. This means the route lookup is subject to preemption, resulting in an potential grace period expiry, and so an eventual kfree() while we still have the route pointer. Add the proper read-side critical section locks around the route lookups, preventing premption and a possible parallel kfree. The remaining net->mctp.routes accesses are already under a rcu_read_lock, or protected by the RTNL for updates. Based on an analysis from Sili Luo <rootlab@huawei.com>, where introducing a delay in the route lookup could cause a UAF on simultaneous sendmsg() and route deletion. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mctp: realiza búsquedas de rutas bajo un bloqueo del lado de lectura de RCU. Nuestras búsquedas de rutas actuales (mctp_route_lookup y mctp_route_lookup_null) atraviesan la lista de rutas de la red sin que se mantenga el bloqueo de lectura de RCU. Esto significa que la búsqueda de ruta está sujeta a preferencia, lo que resulta en una posible expiración del período de gracia y, por lo tanto, en un eventual kfree() mientras todavía tenemos el puntero de ruta. • https://git.kernel.org/stable/c/889b7da23abf92faf34491df95733bda63639e32 https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67 https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4 https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52482 – x86/srso: Add SRSO mitigation for Hygon processors
https://notcve.org/view.php?id=CVE-2023-52482
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/srso: agregue mitigación SRSO para procesadores Hygon. Agregue mitigación para la vulnerabilidad de desbordamiento de pila de retorno especulativo que también existe en los procesadores Hygon. • https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37 https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96 https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4 https://git.kernel.org/stable/c/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52481 – arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
https://notcve.org/view.php?id=CVE-2023-52481
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0. The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient. The workaround isn't necessary if page table isolation (KPTI) is enabled, but for simplicity it will be. • https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25 https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52480 – ksmbd: fix race condition between session lookup and expire
https://notcve.org/view.php?id=CVE-2023-52480
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige la condición de ejecución entre la búsqueda de sesión y la caducidad del subproceso A + subproceso B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sesiones, sesión->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // ¡UAF! | sess->last_active = jiffies | + Este parche agrega rwsem para corregir la condición de ejecución entre ksmbd_session_lookup y ksmbd_expire_session. • https://git.kernel.org/stable/c/c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f https://git.kernel.org/stable/c/a2ca5fd3dbcc665e1169044fa0c9e3eba779202b https://git.kernel.org/stable/c/18ced78b0ebccc2d16f426143dc56ab3aad666be https://git.kernel.org/stable/c/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52479 – ksmbd: fix uaf in smb20_oplock_break_ack
https://notcve.org/view.php?id=CVE-2023-52479
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use opinfo. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige uaf en smb20_oplock_break_ack elimina la referencia después de usar opinfo. • https://git.kernel.org/stable/c/694e13732e830cbbfedb562e57f28644927c33fd https://git.kernel.org/stable/c/8226ffc759ea59f10067b9acdf7f94bae1c69930 https://git.kernel.org/stable/c/d5b0e9d3563e7e314a850e81f42b2ef6f39882f9 https://git.kernel.org/stable/c/c69813471a1ec081a0b9bf0c6bd7e8afd818afce •