CVE-2023-52677

riscv: Check if the code to patch lies in the exit section

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the
address does not lie in the vmalloc region.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: compruebe si el código a parchear se encuentra en la sección de salida. De lo contrario, caeremos en vmalloc_to_page(), lo que entra en pánico ya que la dirección no se encuentra en la región vmalloc.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/043cb41a85de1c0e944da61ad7a264960e22c865	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/938f70d14618ec72e10d6fcf8a546134136d7c13	2024-01-25
https://git.kernel.org/stable/c/890cfe5337e0aaf03ece1429db04d23c88da72e7	2024-01-25
https://git.kernel.org/stable/c/8db56df4a954b774bdc68917046a685a9fa2e4bc	2024-01-25
https://git.kernel.org/stable/c/1d7a03052846f34d624d0ab41a879adf5e85c85f	2024-01-25
https://git.kernel.org/stable/c/420370f3ae3d3b883813fd3051a38805160b2b9f	2024-01-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.7 < 6.8"		en		Affected