7.8

CVE-2023-53075

ftrace: Fix invalid address access in lookup_rec() when index is 0

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix invalid address access in lookup_rec() when index is 0

KASAN reported follow problem:

 BUG: KASAN: use-after-free in lookup_rec
 Read of size 8 at addr ffff000199270ff0 by task modprobe
 CPU: 2 Comm: modprobe
 Call trace:
  kasan_report
  __asan_load8
  lookup_rec
  ftrace_location
  arch_check_ftrace_location
  check_kprobe_address_safe
  register_kprobe

When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
pg which is newly added to ftrace_pages_start in ftrace_process_locs().
Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
will cause this problem.

Don't check the ip when pg->index is 0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.5 < 4.14.311
LinuxLinux Kernel Version >= 4.15 < 4.19.279
LinuxLinux Kernel Version >= 4.20 < 5.4.238
LinuxLinux Kernel Version >= 5.5 < 5.10.176
LinuxLinux Kernel Version >= 5.11 < 5.15.104
LinuxLinux Kernel Version >= 5.16 < 6.1.21
LinuxLinux Kernel Version >= 6.2 < 6.2.8
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.067
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/2de28e5ce34b22b73b833a21e2c45ae3aade3964
Patch
https://git.kernel.org/stable/c/7569ee04b0e3b32df79f64db3a7138573edad9bc
Patch
https://git.kernel.org/stable/c/ac58b88ccbbb8e9fb83e137cee04a856b1ea6635
Patch
https://git.kernel.org/stable/c/83c3b2f4e7c61367c7b24551f4c6eb94bbdda283
Patch
https://git.kernel.org/stable/c/2a0d71fabfeb349216d33f001a6421b1768bd3a9
Patch
https://git.kernel.org/stable/c/4f84f31f63416b0f02fc146ffdc4ab32723eb7e8
Patch
https://git.kernel.org/stable/c/f1bd8b7fd890d87d0dc4dedc6287ea34dd07c0b4
Patch
https://git.kernel.org/stable/c/ee92fa443358f4fc0017c1d0d325c27b37802504
Patch