Ubuntu.comUB:CVE-2023-52808CVE-2023-52808
In the Linux kernel, the following vulnerability has been resolved: scsi:
hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs If init
debugfs failed during device registration due to memory allocation failure,
debugfs_remove_recursive() is called, after which debugfs_dir is not set to
NULL. debugfs_remove_recursive() will be called again during device
removal. As a result, illegal pointer is accessed. [ 1665.467244]
hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs! … [ 1669.836708]
Unable to handle kernel NULL pointer dereference at virtual address
00000000000000a0 [ 1669.872669] pc : down_write+0x24/0x70 [ 1669.876315] lr
: down_write+0x1c/0x70 [ 1669.879961] sp : ffff000036f53a30 [ 1669.883260]
x29: ffff000036f53a30 x28: ffffa027c31549f8 [ 1669.888547] x27:
ffffa027c3140000 x26: 0000000000000000 [ 1669.893834] x25: ffffa027bf37c270
x24: ffffa027bf37c270 [ 1669.899122] x23: ffff0000095406b8 x22:
ffff0000095406a8 [ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310
[ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10 [ 1669.914982]
x17: 0000000000000000 x16: 0000000000000000 [ 1669.920268] x15:
0000000000000000 x14: ffffa0274014f870 [ 1669.925555] x13: 0000000000000040
x12: 0000000000000228 [ 1669.930842] x11: 0000000000000020 x10:
0000000000000bb0 [ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10
[ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff [ 1669.946702]
x5 : ffff000008a36310 x4 : ffff80273088be00 [ 1669.951989] x3 :
ffff000009513e90 x2 : 0000000000000000 [ 1669.957276] x1 : 00000000000000a0
x0 : ffffffff00000001 [ 1669.962563] Call trace: [ 1669.965000]
down_write+0x24/0x70 [ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0 [
1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main] [ 1669.978541]
hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw] [ 1669.984175]
pci_device_remove+0x48/0xd8 [ 1669.988082]
device_release_driver_internal+0x1b4/0x250 [ 1669.993282]
device_release_driver+0x28/0x38 [ 1669.997534]
pci_stop_bus_device+0x84/0xb8 [ 1670.001611]
pci_stop_and_remove_bus_device_locked+0x24/0x40 [ 1670.007244]
remove_store+0xfc/0x140 [ 1670.010802] dev_attr_store+0x44/0x60 [
1670.014448] sysfs_kf_write+0x58/0x80 [ 1670.018095]
kernfs_fop_write+0xe8/0x1f0 [ 1670.022000] __vfs_write+0x60/0x190 [
1670.025472] vfs_write+0xac/0x1c0 [ 1670.028771] ksys_write+0x6c/0xd8 [
1670.032071] __arm64_sys_write+0x24/0x30 [ 1670.035977]
el0_svc_common+0x78/0x130 [ 1670.039710] el0_svc_handler+0x38/0x78 [
1670.043442] el0_svc+0x8/0xc To fix this, set debugfs_dir to NULL after
debugfs_remove_recursive().
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
References
git.kernel.org/linus/6de426f9276c448e2db7238911c97fb157cb23be (6.7-rc1)
git.kernel.org/stable/c/33331b265aac9441ac0c1a5442e3f05d038240ec
git.kernel.org/stable/c/6de426f9276c448e2db7238911c97fb157cb23be
git.kernel.org/stable/c/75a2656260fe8c7eeabda6ff4600b29e183f48db
git.kernel.org/stable/c/b4465009e7d60c6111946db4c8f1e50d401ed7be
git.kernel.org/stable/c/f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3
launchpad.net/bugs/cve/CVE-2023-52808
nvd.nist.gov/vuln/detail/CVE-2023-52808
security-tracker.debian.org/tracker/CVE-2023-52808
www.cve.org/CVERecord?id=CVE-2023-52808
Related
