CVE-2023-52615
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers
when the user reads from /dev/hwrng into memory also mmap-ed from
/dev/hwrng. The resulting page fault triggers a recursive read
which then dead-locks.
Fix this by using a stack buffer when calling copy_to_user.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwrng: core: soluciona el bloqueo de falla de página en mmap-ed hwrng Hay un bloqueo en la ruta de lectura del dispositivo hwrng. Esto se activa cuando el usuario lee desde /dev/hwrng en la memoria y también realiza mmap-ed desde /dev/hwrng. El error de página resultante desencadena una lectura recursiva que luego se bloquea. Solucione este problema utilizando un búfer de pila al llamar a copy_to_user.
A vulnerability was found in the hwrng component of the Linux kernel, which caused a deadlock when reading from /dev/hwrng into memory and mmap-ed from /dev/hwrng. This issue is triggered by a recursive read during a page fault and allows a local, authenticated attacker to cause a denial of service.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-06 CVE Reserved
- 2024-03-18 CVE Published
- 2024-12-17 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (13)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52615 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2270093 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 4.19.307" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.4.269" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.10.210" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.15.149" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.1.76" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.6.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.7.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.33 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.8" | en |
Affected
|