Ubuntu.comUB:CVE-2023-52476CVE-2023-52476
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur
when a vsyscall is made while LBR sampling is active. If the vsyscall is
interrupted (NMI) for perf sampling, this call sequence can occur (most
recent at top): __insn_get_emulate_prefix() insn_get_emulate_prefix()
insn_get_prefixes() insn_get_opcode() decode_branch_type()
get_branch_type() intel_pmu_lbr_filter() intel_pmu_handle_irq()
perf_event_nmi_handler() Within __insn_get_emulate_prefix() at frame 0, a
macro is called: peek_nbyte_next(insn_byte_t, insn, i) Within this macro,
this dereference occurs: (insn)->next_byte Inspecting registers at this
point, the value of the next_byte field is the address of the vsyscall
made, for example the location of the vsyscall version of gettimeofday() at
0xffffffffff600000. The access to an address in the vsyscall region will
trigger an oops due to an unhandled page fault. To fix the bug, filtering
for vsyscalls can be done when determining the branch type. This patch will
return a “none” branch if a kernel address if found to lie in the vsyscall
region.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
Related
