In the Linux kernel, the following vulnerability has been resolved: tipc:
fix kernel warning when sending SYN message When sending a SYN message,
this kernel stack trace is observed: … [ 13.396352] RIP:
0010:_copy_from_iter+0xb4/0x550 … [ 13.398494] Call Trace: [ 13.398630]
<TASK> [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630]
tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ?
shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630]
__tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230
[tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630]
tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [
13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ?
preempt_count_add+0x4d/0xa0 [ 13.398630] ?
fpregs_assert_state_consistent+0x22/0x50 [ 13.398630]
__x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [
13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd It is because commit
a41dad905e5a (“iov_iter: saner checks for attempt to copy to/from
iterator”) has introduced sanity check for copying from/to iov iterator.
Lacking of copy direction from the iterator viewpoint would lead to kernel
stack trace like above. This commit fixes this issue by initializing the
iov iterator with the correct copy direction when sending SYN or ACK
without data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/11a4d6f67cf55883dc78e31c247d1903ed7feccc (6.2)
git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc
git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32
launchpad.net/bugs/cve/CVE-2023-52700
nvd.nist.gov/vuln/detail/CVE-2023-52700
security-tracker.debian.org/tracker/CVE-2023-52700
www.cve.org/CVERecord?id=CVE-2023-52700