CVE-2023-52811
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
In practice the driver should never send more commands than are allocated
to a queue's event pool. In the unlikely event that this happens, the code
asserts a BUG_ON, and in the case that the kernel is not configured to
crash on panic returns a junk event pointer from the empty event list
causing things to spiral from there. This BUG_ON is a historical artifact
of the ibmvfc driver first being upstreamed, and it is well known now that
the use of BUG_ON is bad practice except in the most unrecoverable
scenario. There is nothing about this scenario that prevents the driver
from recovering and carrying on.
Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL
pointer in the case of an empty event pool. Update all call sites to
ibmvfc_get_event() to check for a NULL pointer and perform the appropriate
failure or recovery action.
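The description above, as an added example that is not the ibmvfc driver's code: a simplified user-space model of a free-list event pool, showing why taking an entry from an empty list yields a junk pointer and how returning NULL lets the call site fail cleanly. All struct, function and error-code names here are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified user-space model; all names are hypothetical, not ibmvfc code. */
struct list_head { struct list_head *next, *prev; };
struct event { int id; struct list_head node; };
struct event_pool { long size; struct list_head free; struct event slots[2]; };
#define list_entry(p, type, member) \
    ((type *)((char *)(p) - offsetof(type, member)))
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_del(struct list_head *n) { n->prev->next = n->next; n->next->prev = n->prev; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
void pool_init(struct event_pool *p) {
    p->size = 2; p->free.next = p->free.prev = &p->free;
    for (int i = 0; i < 2; i++) {
        p->slots[i].id = i;
        list_add_tail(&p->slots[i].node, &p->free);
    }
}

/* Pre-fix path once execution continues past the assertion: with an empty
 * list, free.next is the list head itself, so list_entry() returns an
 * address that is not one of the pool's events. */
struct event *get_event_unchecked(struct event_pool *p) {
    struct event *e = list_entry(p->free.next, struct event, node);
    list_del(&e->node);
    return e;
}

/* Post-fix shape: an empty pool is reported as NULL. */
struct event *get_event(struct event_pool *p) {
    if (list_empty(&p->free)) return NULL;
    struct event *e = list_entry(p->free.next, struct event, node);
    list_del(&e->node);
    return e;
}

/* Call site: NULL becomes a recoverable error (-1 is a made-up code). */
int send_cmd(struct event_pool *p) {
    struct event *e = get_event(p);
    return e ? e->id : -1;
}

int main(void) {
    struct event_pool p; pool_init(&p);
    int a = send_cmd(&p), b = send_cmd(&p), c = send_cmd(&p);
    printf("%d %d %d junk=%p\n", a, b, c, (void *)get_event_unchecked(&p));
}
```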
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-11-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52811 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2282743 | 2024-11-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 5.15.140 | en | Affected |
Linux | Linux Kernel | < 6.1.64 | en | Affected |
Linux | Linux Kernel | < 6.5.13 | en | Affected |
Linux | Linux Kernel | < 6.6.3 | en | Affected |
Linux | Linux Kernel | < 6.7 | en | Affected |