CVE-2023-52580
- ULN >
- Oracle Linux CVE repository >
- CVE-2023-52580
CVE Details
| Release Date: | 2024-03-02 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nnet/core: Fix ETH_P_1588 flow dissector\nWhen a PTP ethernet raw frame with a size of more than 256 bytes followed\nby a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation\nis wrong. For example: hdr->message_length takes the wrong value (0xffff)\nand it does not replicate real header length. In this case, 'nhoff' value\nwas overridden and the PTP header was badly dissected. This leads to a\nkernel crash.\nnet/core: flow_dissector\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector hdr->message_length = 0x0000ffff\nnet/core flow dissector nhoff = 0x0001000d (u16 overflow)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88\nskb frag: 00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nUsing the size of the ptp_header struct will allow the corrected\ncalculation of the nhoff value.\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff\nskb linear: 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb linear: 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb frag: 00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nKernel trace:\n[ 74.984279] ------------[ cut here ]------------\n[ 74.989471] kernel BUG at include/linux/skbuff.h:2440!\n[ 74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G U 5.15.85-intel-ese-standard-lts #1\n[ 75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023\n[ 75.026507] RIP: 0010:eth_type_trans+0xd0/0x130\n[ 75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9\n[ 75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297\n[ 75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003\n[ 75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300\n[ 75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800\n[ 75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010\n[ 75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800\n[ 75.098464] FS: 0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000\n[ 75.107530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0\n[ 75.121980] PKRU: 55555554\n[ 75.125035] Call Trace:\n[ 75.127792]
See more information about CVE-2023-52580 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | Base Metrics: | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Access Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel) | ELSA-2024-3138 | 2024-05-23 |
| Oracle Linux version 9 (kernel) | ELSA-2024-2394 | 2024-05-02 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
