admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-524xx/CVE-2023-52499.json

32 lines
3.1 KiB
JSON
Raw Normal View History

Auto-Update: 2024-03-02T23:00:24.275384+00:00
2024-03-02 23:00:27 +00:00
{
"id": "CVE-2023-52499",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:47.057",
Auto-Update: 2024-03-04T17:01:08.525101+00:00
2024-03-04 17:01:12 +00:00
"lastModified": "2024-03-04T13:58:23.447",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-03-02T23:00:24.275384+00:00
2024-03-02 23:00:27 +00:00
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/47x: Fix 47x syscall return crash\n\nEddie reported that newer kernels were crashing during boot on his 476\nFSP2 system:\n\n kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0xb7ee2000\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=4K FSP-2\n Modules linked in:\n CPU: 0 PID: 61 Comm: mount Not tainted 6.1.55-d23900f.ppcnf-fsp2 #1\n Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2\n NIP:\u00a0 b7ee2000 LR: 8c008000 CTR: 00000000\n REGS: bffebd83 TRAP: 0400\u00a0\u00a0 Not tainted (6.1.55-d23900f.ppcnf-fs p2)\n MSR:\u00a0 00000030 <IR,DR>\u00a0 CR: 00001000\u00a0 XER: 20000000\n GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 00001000 00000d12 b7ee2000\n GPR08: 00000033 00000000 00000000 c139df10 48224824 1016c314 10160000 00000000\n GPR16: 10160000 10160000 00000008 00000000 10160000 00000000 10160000 1017f5b0\n GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 00000000 00000000 1017f4f0\n NIP [b7ee2000] 0xb7ee2000\n LR [8c008000] 0x8c008000\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 0000000000000000 ]---\n\nThe problem is in ret_from_syscall where the check for\nicache_44x_need_flush is done. When the flush is needed the code jumps\nout-of-line to do the flush, and then intends to jump back to continue\nthe syscall return.\n\nHowever the branch back to label 1b doesn't return to the correct\nlocation, instead branching back just prior to the return to userspace,\ncausing bogus register values to be used by the rfi.\n\nThe breakage was introduced by commit 6f76a01173cc\n(\"powerpc/syscall: implement system call entry/exit logic in C for PPC32\") which\ninadvertently removed the \"1\" label and reused it elsewhere.\n\nFix it by adding named local labels in the correct locations. Note that\nthe return label needs to be outside the ifdef so that CONFIG_PPC_47x=n\ncompiles."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/29017ab1a539101d9c7bec63cc13a019f97b2820",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/70f6756ad96dd70177dddcfac2fe4bd4bb320746",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ac2689502f986a46f4221e239d4ff2897f1ccb3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0eee815babed70a749d2496a7678be5b45b4c14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue Copy Permalink