CVE-2023-52801

iommufd: Fix missing update of domains_itree after splitting iopt_area

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

iommufd: Fix missing update of domains_itree after splitting iopt_area

In iopt_area_split(), if the original iopt_area has filled a domain and is
linked to domains_itree, pages_nodes have to be properly
reinserted. Otherwise the domains_itree becomes corrupted and we will UAF.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommufd: corrige la actualización faltante de domains_itree después de dividir iopt_area. En iopt_area_split(), si el iopt_area original ha llenado un dominio y está vinculado a domains_itree, los pages_nodes deben reinsertarse correctamente. De lo contrario, domains_itree se corrompe y usaremos UAF.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-22 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CWE-284: Improper Access Control

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/51fe6141f0f64ae0bbc096a41a07572273e8c0ef	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/836db2e7e4565d8218923b3552304a1637e2f28d	2023-11-28
https://git.kernel.org/stable/c/fcb32111f01ddf3cbd04644cde1773428e31de6a	2023-11-28
https://git.kernel.org/stable/c/e7250ab7ca4998fe026f2149805b03e09dc32498	2023-10-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52801	2024-09-11
https://bugzilla.redhat.com/show_bug.cgi?id=2282709	2024-09-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.7"		en		Affected