CVE-2023-52639

KVM: s390: vsie: fix race during shadow creation

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: vsie: fix race during shadow creation

Right now it is possible to see gmap->private being zero in
kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the
fact that we add gmap->private == kvm after creation:

static int acquire_gmap_shadow(struct kvm_vcpu *vcpu,
struct vsie_page *vsie_page)
{
[...]
gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);
if (IS_ERR(gmap))
return PTR_ERR(gmap);
gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: KVM: s390: vsie: corrige la ejecución durante la creación de la sombra. En este momento es posible ver que gmap->private es cero en kvm_s390_vsie_gmap_notifier, lo que provoca un bloqueo. Esto se debe al hecho de que agregamos gmap->private == kvm después de la creación: static int adquirir_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { [...] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); si (IS_ERR(gmap)) devuelve PTR_ERR(gmap); gmap->privado = vcpu->kvm; Deje que los niños hereden el campo privado del padre.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/a3508fbe9dc6dd3bece0c7bf889cc085a011738c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5df3b81a567eb565029563f26f374ae3803a1dfc	2024-03-15
https://git.kernel.org/stable/c/f5572c0323cf8b4f1f0618178648a25b8fb8a380	2024-03-15
https://git.kernel.org/stable/c/28bb27824f25f36e5f80229a358d66ee09244082	2024-02-23
https://git.kernel.org/stable/c/fe752331d4b361d43cfd0b89534b4b2176057c32	2023-12-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52639	2024-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=2273080	2024-08-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1.82"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.6.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.6.22"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.8"		en		Affected