CVE-2023-52704
freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL
Tetsuo-San noted that commit f5d39b020809 ("freezer,sched: Rewrite
core freezer logic") broke call_usermodehelper_exec() for the KILLABLE
case.
Specifically it was missed that the second, unconditional,
wait_for_completion() was not optional and ensures the on-stack
completion is unused before going out-of-scope.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL .Tetsuo-San notó que la confirmación f5d39b020809 ("freezer,sched: Rewrite core freezer logic") rompió call_usermodehelper_exec() para el caso KILLABLE. Específicamente, se pasó por alto que el segundo wait_for_completion() incondicional no era opcional y garantiza que la finalización en la pila no se utilice antes de salir del alcance.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-07 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/f5d39b020809146cc28e6e73369bf8065e0310aa | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.kernel.org/stable/c/7f9f6c54da876b3f0bece2b569456ceb96965ed7 | 2023-02-22 | |
https://git.kernel.org/stable/c/eedeb787ebb53de5c5dcf7b7b39d01bf1b0f037d | 2023-02-13 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.1.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.13" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.2" | en |
Affected
|