CVE-2023-52451
- ULN >
- Oracle Linux CVE repository >
- CVE-2023-52451
CVE Details
| Release Date: | 2024-02-22 |
Description
In the Linux kernel, the following vulnerability has been resolved:\npowerpc/pseries/memhp: Fix access beyond end of drmem array\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\npr_debug('Failed to hot-remove memory at %llx\n',\nlmb->base_addr);\nThis was found by inspection and confirmed with KASAN:\npseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n==================================================================\nBUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\nRead of size 8 at addr c000000364e97fd0 by task bash/949\ndump_stack_lvl+0xa4/0xfc (unreliable)\nprint_report+0x214/0x63c\nkasan_report+0x140/0x2e0\n__asan_load8+0xa8/0xe0\ndlpar_memory+0x298/0x1658\nhandle_dlpar_errorlog+0x130/0x1d0\ndlpar_store+0x18c/0x3e0\nkobj_attr_store+0x68/0xa0\nsysfs_kf_write+0xc4/0x110\nkernfs_fop_write_iter+0x26c/0x390\nvfs_write+0x2d4/0x4e0\nksys_write+0xac/0x1a0\nsystem_call_exception+0x268/0x530\nsystem_call_vectored_common+0x15c/0x2ec\nAllocated by task 1:\nkasan_save_stack+0x48/0x80\nkasan_set_track+0x34/0x50\nkasan_save_alloc_info+0x34/0x50\n__kasan_kmalloc+0xd0/0x120\n__kmalloc+0x8c/0x320\nkmalloc_array.constprop.0+0x48/0x5c\ndrmem_init+0x2a0/0x41c\ndo_one_initcall+0xe0/0x5c0\nkernel_init_freeable+0x4ec/0x5a0\nkernel_init+0x30/0x1e0\nret_from_kernel_user_thread+0x14/0x1c\nThe buggy address belongs to the object at c000000364e80000\nwhich belongs to the cache kmalloc-128k of size 131072\nThe buggy address is located 0 bytes to the right of\nallocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n==================================================================\npseries-hotplug-mem: Failed to hot-remove memory at 0\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry.
See more information about CVE-2023-52451 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | High | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
