CVE-2023-52774

s390/dasd: protect device queue against concurrent access

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start() the amount of requests on the device queue are
counted. The access to the device queue is unprotected against
concurrent access. With a lot of parallel I/O, especially with alias
devices enabled, the device queue can change while dasd_profile_start()
is accessing the queue. In the worst case this leads to a kernel panic
due to incorrect pointer accesses. Fix this by taking the device lock before accessing the queue and
counting the requests. Additionally the check for a valid profile data
pointer can be done earlier to avoid unnecessary locking in a hot path.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: protege la cola de dispositivos contra el acceso concurrente. En dasd_profile_start() se cuenta la cantidad de solicitudes en la cola de dispositivos. El acceso a la cola de dispositivos no está protegido contra el acceso simultáneo. Con muchas E/S paralelas, especialmente con dispositivos alias habilitados, la cola de dispositivos puede cambiar mientras dasd_profile_start() accede a la cola. En el peor de los casos, esto provoca un pánico en el kernel debido a accesos incorrectos al puntero. Solucione este problema bloqueando el dispositivo antes de acceder a la cola y contando las solicitudes. Además, la verificación de un puntero de datos de perfil válido se puede realizar antes para evitar bloqueos innecesarios en una ruta activa.

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start() the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel I/O, especially with alias devices enabled, the device queue can change while dasd_profile_start() is accessing the queue. In the worst case this leads to a kernel panic due to incorrect pointer accesses. Fix this by taking the device lock before accessing the queue and counting the requests. Additionally the check for a valid profile data pointer can be done earlier to avoid unnecessary locking in a hot path.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/4fa52aa7a82f9226b3874a69816bda3af821f002	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f	2023-12-08
https://git.kernel.org/stable/c/f75617cc8df4155374132f0b500b0b3ebb967458	2023-12-08
https://git.kernel.org/stable/c/f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d	2023-12-08
https://git.kernel.org/stable/c/c841de6247e94e07566d57163d3c0d8b29278f7a	2023-12-08
https://git.kernel.org/stable/c/6062c527d0403cef27c54b91ac8390c3a497b250	2023-12-03
https://git.kernel.org/stable/c/dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be	2023-12-03
https://git.kernel.org/stable/c/9372aab5d0ff621ea203c8c603e7e5f75e888240	2023-12-03
https://git.kernel.org/stable/c/db46cd1e0426f52999d50fa72cfa97fa39952885	2023-11-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 4.14.332 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 4.14.332"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 4.19.301 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 4.19.301"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 5.4.263 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 5.4.263"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 5.10.203 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 5.10.203"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 5.15.141 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 5.15.141"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.1.65 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.1.65"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.6.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.6.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 6.7"		en		Affected