Lucene search

K
cvelistLinuxCVELIST:CVE-2023-52700
HistoryMay 21, 2024 - 3:22 p.m.

CVE-2023-52700 tipc: fix kernel warning when sending SYN message

2024-05-2115:22:50
Linux
www.cve.org
linux kernel
tipc vulnerability
syn message
kernel warning
commit a41dad905e5a

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel warning when sending SYN message

When sending a SYN message, this kernel stack trace is observed:


[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550

[ 13.398494] Call Trace:
[ 13.398630] <TASK>
[ 13.398630] ? __alloc_skb+0xed/0x1a0
[ 13.398630] tipc_msg_build+0x12c/0x670 [tipc]
[ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290
[ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc]
[ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __local_bh_enable_ip+0x37/0x80
[ 13.398630] tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __sys_connect+0x9f/0xd0
[ 13.398630] __sys_connect+0x9f/0xd0
[ 13.398630] ? preempt_count_add+0x4d/0xa0
[ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50
[ 13.398630] __x64_sys_connect+0x16/0x20
[ 13.398630] do_syscall_64+0x42/0x90
[ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd

It is because commit a41dad905e5a (“iov_iter: saner checks for attempt
to copy to/from iterator”) has introduced sanity check for copying
from/to iov iterator. Lacking of copy direction from the iterator
viewpoint would lead to kernel stack trace like above.

This commit fixes this issue by initializing the iov iterator with
the correct copy direction when sending SYN or ACK without data.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/tipc/socket.c"
    ],
    "versions": [
      {
        "version": "f25dcc7687d4",
        "lessThan": "54b6082aec17",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f25dcc7687d4",
        "lessThan": "11a4d6f67cf5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/tipc/socket.c"
    ],
    "versions": [
      {
        "version": "4.0",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.0",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.13",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.2",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2023-52700