CVE-2023-52615

hwrng: core - Fix page fault dead lock on mmap-ed hwrng

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers
when the user reads from /dev/hwrng into memory also mmap-ed from
/dev/hwrng. The resulting page fault triggers a recursive read
which then dead-locks. Fix this by using a stack buffer when calling copy_to_user.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwrng: core: soluciona el bloqueo de falla de página en mmap-ed hwrng Hay un bloqueo en la ruta de lectura del dispositivo hwrng. Esto se activa cuando el usuario lee desde /dev/hwrng en la memoria y también realiza mmap-ed desde /dev/hwrng. El error de página resultante desencadena una lectura recursiva que luego se bloquea. Solucione este problema utilizando un búfer de pila al llamar a copy_to_user.

A vulnerability was found in the hwrng component of the Linux kernel, which caused a deadlock when reading from /dev/hwrng into memory and mmap-ed from /dev/hwrng. This issue is triggered by a recursive read during a page fault and allows a local, authenticated attacker to cause a denial of service.

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user.

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-03-18 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/9996508b3353063f2d6c48c1a28a84543d72d70b	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990	2024-02-23
https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48	2024-02-23
https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c	2024-02-23
https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0	2024-02-23
https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e	2024-02-01
https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d	2024-02-01
https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029	2024-02-01
https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922	2023-12-08

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52615	2025-03-10
https://bugzilla.redhat.com/show_bug.cgi?id=2270093	2025-03-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.1.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.8"		en		Affected