CVE-2023-52700
tipc: fix kernel warning when sending SYN message
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix kernel warning when sending SYN message
When sending a SYN message, this kernel stack trace is observed:
...
[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550
...
[ 13.398494] Call Trace:
[ 13.398630] <TASK>
[ 13.398630] ? __alloc_skb+0xed/0x1a0
[ 13.398630] tipc_msg_build+0x12c/0x670 [tipc]
[ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290
[ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc]
[ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __local_bh_enable_ip+0x37/0x80
[ 13.398630] tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __sys_connect+0x9f/0xd0
[ 13.398630] __sys_connect+0x9f/0xd0
[ 13.398630] ? preempt_count_add+0x4d/0xa0
[ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50
[ 13.398630] __x64_sys_connect+0x16/0x20
[ 13.398630] do_syscall_64+0x42/0x90
[ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd
It is because commit a41dad905e5a ("iov_iter: saner checks for attempt
to copy to/from iterator") has introduced sanity check for copying
from/to iov iterator. Lacking of copy direction from the iterator
viewpoint would lead to kernel stack trace like above.
This commit fixes this issue by initializing the iov iterator with
the correct copy direction when sending SYN or ACK without data.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: corrige la advertencia del kernel al enviar un mensaje SYN Al enviar un mensaje SYN, se observa este seguimiento de la pila del kernel: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 . .. [ 13.398494] Seguimiento de llamadas: [ 13.398630] [ 13.398630] ? __alloc_skb+0xed/0x1a0 [13.398630] tipc_msg_build+0x12c/0x670 [tipc] [13.398630]? shmem_add_to_page_cache.isra.71+0x151/0x290 [13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [13.398630]? __local_bh_enable_ip+0x37/0x80 [13.398630] tipc_connect+0x1d9/0x230 [tipc] [13.398630]? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [13.398630]? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] Entry_SYSCALL_64_after_hwframe+0x63/0xcd Es porque la confirmación 41dad905e5a ("iov_iter: comprobaciones más sensatas para intentar copiar hacia/desde el iterador") ha introducido una verificación de cordura para copiar desde/hacia el iterador iov. La falta de dirección de copia desde el punto de vista del iterador conduciría a un seguimiento de la pila del kernel como se muestra arriba. Esta confirmación soluciona este problema al inicializar el iterador iov con la dirección de copia correcta al enviar SYN o ACK sin datos.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-07 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/f25dcc7687d42a72de18aa41b04990a24c9e77c7 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32 | 2023-02-22 | |
| https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc | 2023-02-15 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-52700 | 2024-07-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2282609 | 2024-07-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.0 < 6.1.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 6.1.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.0 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 6.2" | en |
Affected
| ||||||