In the Linux kernel, the following vulnerability has been resolved:

x86/alternatives: Disable KASAN in apply_alternatives()

Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine:

```
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
…
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
…
```

On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().

KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.

Fix it for real by disabling KASAN while the kernel is patching alternatives.

[ mingo: updated the changelog ]

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-186.206 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1126.136 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1126.136~18.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1131.138 | UNKNOWN |
git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61 (6.6-rc6)
launchpad.net/bugs/cve/CVE-2023-52504
nvd.nist.gov/vuln/detail/CVE-2023-52504
security-tracker.debian.org/tracker/CVE-2023-52504
ubuntu.com/security/notices/USN-6831-1
ubuntu.com/security/notices/USN-6867-1
www.cve.org/CVERecord?id=CVE-2023-52504