mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
168 lines
12 KiB
JSON
168 lines
12 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-52796",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: add ipvlan_route_v6_outbound() helper\n\nInspired by syzbot reports using a stack of multiple ipvlan devices.\n\nReduce stack size needed in ipvlan_process_v6_outbound() by moving\nthe flowi6 struct used for the route lookup in an non inlined\nhelper. ipvlan_route_v6_outbound() needs 120 bytes on the stack,\nimmediately reclaimed.\n\nAlso make sure ipvlan_process_v4_outbound() is not inlined.\n\nWe might also have to lower MAX_NEST_DEV, because only syzbot uses\nsetups with more than four stacked devices.\n\nBUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000)\nstack guard page: 0000 [#1] SMP KASAN\nCPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023\nRIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188\nCode: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89\nRSP: 0018:ffffc9000e804000 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2\nRDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568\nRBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c\nR13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000\nFS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<#DF>\n</#DF>\n<TASK>\n[<ffffffff81f281d1>] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n[<ffffffff817e5bf2>] instrument_atomic_read include/linux/instrumented.h:72 [inline]\n[<ffffffff817e5bf2>] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n[<ffffffff817e5bf2>] cpumask_test_cpu include/linux/cpumask.h:506 [inline]\n[<ffffffff817e5bf2>] cpu_online include/linux/cpumask.h:1092 [inline]\n[<ffffffff817e5bf2>] trace_lock_acquire include/trace/events/lock.h:24 [inline]\n[<ffffffff817e5bf2>] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632\n[<ffffffff8563221e>] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306\n[<ffffffff8561464d>] rcu_read_lock include/linux/rcupdate.h:747 [inline]\n[<ffffffff8561464d>] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221\n[<ffffffff85618120>] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606\n[<ffffffff856f65b5>] pol_lookup_func include/net/ip6_fib.h:584 [inline]\n[<ffffffff856f65b5>] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116\n[<ffffffff85618009>] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638\n[<ffffffff8561821a>] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651\n[<ffffffff838bd5a3>] ip6_route_output include/net/ip6_route.h:100 [inline]\n[<ffffffff838bd5a3>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline]\n[<ffffffff838bd5a3>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]\n[<ffffffff838bd5a3>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n[<ffffffff838bd5a3>] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677\n[<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229\n[<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline]\n[<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline]\n[<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660\n[<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline]\n[<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline]\n[<f\n---truncated---"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "2ad7bf363841",
|
|
"version_value": "4f7f850611aa"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "3.19",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "3.19",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "4.19.300",
|
|
"lessThanOrEqual": "4.19.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.4.262",
|
|
"lessThanOrEqual": "5.4.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.202",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.140",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.1.64",
|
|
"lessThanOrEqual": "6.1.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.5.13",
|
|
"lessThanOrEqual": "6.5.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.6.3",
|
|
"lessThanOrEqual": "6.6.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.7",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-9e1c9544281a"
|
|
}
|
|
} |