CVE-2023-52771

CVE Details

Release Date:2024-05-21

Description


In the Linux kernel, the following vulnerability has been resolved:\ncxl/port: Fix delete_endpoint() vs parent unregistration race\nThe CXL subsystem, at cxl_mem ->probe() time, establishes a lineage of\nports (struct cxl_port objects) between an endpoint and the root of a\nCXL topology. Each port including the endpoint port is attached to the\ncxl_port driver.\nGiven that setup, it follows that when either any port in that lineage\ngoes through a cxl_port ->remove() event, or the memdev goes through a\ncxl_mem ->remove() event. The hierarchy below the removed port, or the\nentire hierarchy if the memdev is removed needs to come down.\nThe delete_endpoint() callback is careful to check whether it is being\ncalled to tear down the hierarchy, or if it is only being called to\nteardown the memdev because an ancestor port is going through\n->remove().\nThat care needs to take the device_lock() of the endpoint's parent.\nWhich requires 2 bugs to be fixed:\n1/ A reference on the parent is needed to prevent use-after-free\nscenarios like this signature:\nBUG: spinlock bad magic on CPU#0, kworker/u56:0/11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc38 05/24/2023\nWorkqueue: cxl_port detach_memdev [cxl_core]\nRIP: 0010:spin_bug+0x65/0xa0\nCall Trace:\ndo_raw_spin_lock+0x69/0xa0\n__mutex_lock+0x695/0xb80\ndelete_endpoint+0xad/0x150 [cxl_core]\ndevres_release_all+0xb8/0x110\ndevice_unbind_cleanup+0xe/0x70\ndevice_release_driver_internal+0x1d2/0x210\ndetach_memdev+0x15/0x20 [cxl_core]\nprocess_one_work+0x1e3/0x4c0\nworker_thread+0x1dd/0x3d0\n2/ In the case of RCH topologies, the parent device that needs to be\nlocked is not always @port->dev as returned by cxl_mem_find_port(), use\nendpoint->dev.parent instead.

See more information about CVE-2023-52771 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: High User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 9 (kernel)ELSA-2024-59282024-08-28


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete