CVE-2023-52598
s390/ptrace: handle setting of fpc register correctly
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
s390/ptrace: handle setting of fpc register correctly
If the content of the floating point control (fpc) register of a traced
process is modified with the ptrace interface the new value is tested for
validity by temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the tracing process:
if an interrupt happens while the value is temporarily loaded into the
fpc register, and within interrupt context floating point or vector
registers are used, the current fp/vx registers are saved with
save_fpu_regs() assuming they belong to user space and will be loaded into
fp/vx registers when returning to user space.
test_fp_ctl() restores the original user space fpc register value, however
it will be discarded, when returning to user space.
In result the tracer will incorrectly continue to run with the value that
was supposed to be used for the traced process.
Fix this by saving fpu register contents with save_fpu_regs() before using
test_fp_ctl().
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/ptrace: maneja la configuración del registro fpc correctamente Si el contenido del registro de control de punto flotante (fpc) de un proceso rastreado se modifica con la interfaz ptrace, se prueba el nuevo valor validez cargándolo temporalmente en el registro fpc. Esto puede conducir a la corrupción del registro fpc del proceso de seguimiento: si ocurre una interrupción mientras el valor se carga temporalmente en el registro fpc, y dentro del contexto de interrupción se utilizan registros de punto flotante o vectoriales, los registros fp/vx actuales se guardan con save_fpu_regs() suponiendo que pertenecen al espacio del usuario y se cargarán en los registros fp/vx cuando regresen al espacio del usuario. test_fp_ctl() restaura el valor del registro fpc del espacio de usuario original; sin embargo, se descartará al regresar al espacio de usuario. Como resultado, el rastreador continuará ejecutándose incorrectamente con el valor que se suponía que debía usarse para el proceso rastreado. Solucione este problema guardando el contenido del registro fpu con save_fpu_regs() antes de usar test_fp_ctl().
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-02 CVE Reserved
- 2024-03-06 CVE Published
- 2024-03-06 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (11)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52598 | 2024-06-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2268309 | 2024-06-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.307" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.269" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.210" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.149" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.1.77 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.77" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.6.16 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.16" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.7.4 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7.4" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8" | en |
Affected
|