Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2023-52836
HistoryMay 21, 2024 - 3:31 p.m.

CVE-2023-52836 locking/ww_mutex/test: Fix potential workqueue corruption

2024-05-2115:31:37
Linux
www.cve.org
linux kernel
workqueue corruption
vulnerability
fix
stress struct
flush_workqueue

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

locking/ww_mutex/test: Fix potential workqueue corruption

In some cases running with the test-ww_mutex code, I was seeing
odd behavior where sometimes it seemed flush_workqueue was
returning before all the work threads were finished.

Often this would cause strange crashes as the mutexes would be
freed while they were being used.

Looking at the code, there is a lifetime problem as the
controlling thread that spawns the work allocates the
“struct stress” structures that are passed to the workqueue
threads. Then when the workqueue threads are finished,
they free the stress struct that was passed to them.

Unfortunately the workqueue work_struct node is in the stress
struct. Which means the work_struct is freed before the work
thread returns and while flush_workqueue is waiting.

It seems like a better idea to have the controlling thread
both allocate and free the stress structures, so that we can
be sure we don’t corrupt the workqueue by freeing the structure
prematurely.

So this patch reworks the test to do so, and with this change
I no longer see the early flush_workqueue returns.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/locking/test-ww_mutex.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "d4d37c9e6a4d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "d8267cabbe1b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "dcd85e3c9293",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "9ed2d68b3925",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "e89d0ed45a41",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "c56df79d6867",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "e36407713163",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "304a2c4aad0f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "bccdd808902f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/locking/test-ww_mutex.c"
    ],
    "versions": [
      {
        "version": "4.14.331",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.300",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.262",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.202",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.140",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.64",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.5.13",
        "lessThanOrEqual": "6.5.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.3",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
nvd 1
debiancve 1
vulnrichment 1
cve 1
redhatcve 1
ubuntucve
ubuntucve
CVE-2023-52836
2024-05-21 00:00:00
nvd
nvd
CVE-2023-52836
2024-05-21 16:15:21
debiancve
debiancve
CVE-2023-52836
2024-05-21 16:15:21
vulnrichment
vulnrichment
CVE-2023-52836 locking/ww_mutex/test: Fix potential workqueue corruption
2024-05-21 15:31:37
cve
cve
CVE-2023-52836
2024-05-21 16:15:21
redhatcve
redhatcve
CVE-2023-52836
2024-05-23 11:13:06

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON
Related for CVELIST:CVE-2023-52836
ubuntucve1nvd1debiancve1vulnrichment1cve1redhatcve1