-
CVE-2023-53326
- EPSS 0.02%
- Published 16.09.2025 16:12:01
- Last modified 17.09.2025 14:18:55
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
powerpc: Don't try to copy PPR for task with NULL pt_regs
powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which
from my (arguably very short) checking is not commonly done for other
archs. This is fine, except when PF_IO_WORKER's have been created and
the task does something that causes a coredump to be generated. Then we
get this crash:
Kernel attempted to read user page (160) - exploit attempt? (uid: 1000)
BUG: Kernel NULL pointer dereference on read at 0x00000160
Faulting instruction address: 0xc0000000000c3a60
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=32 NUMA pSeries
Modules linked in: bochs drm_vram_helper drm_kms_helper xts binfmt_misc ecb ctr syscopyarea sysfillrect cbc sysimgblt drm_ttm_helper aes_generic ttm sg libaes evdev joydev virtio_balloon vmx_crypto gf128mul drm dm_mod fuse loop configfs drm_panel_orientation_quirks ip_tables x_tables autofs4 hid_generic usbhid hid xhci_pci xhci_hcd usbcore usb_common sd_mod
CPU: 1 PID: 1982 Comm: ppc-crash Not tainted 6.3.0-rc2+ #88
Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries
NIP: c0000000000c3a60 LR: c000000000039944 CTR: c0000000000398e0
REGS: c0000000041833b0 TRAP: 0300 Not tainted (6.3.0-rc2+)
MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 88082828 XER: 200400f8
...
NIP memcpy_power7+0x200/0x7d0
LR ppr_get+0x64/0xb0
Call Trace:
ppr_get+0x40/0xb0 (unreliable)
__regset_get+0x180/0x1f0
regset_get_alloc+0x64/0x90
elf_core_dump+0xb98/0x1b60
do_coredump+0x1c34/0x24a0
get_signal+0x71c/0x1410
do_notify_resume+0x140/0x6f0
interrupt_exit_user_prepare_main+0x29c/0x320
interrupt_exit_user_prepare+0x6c/0xa0
interrupt_return_srr_user+0x8/0x138
Because ppr_get() is trying to copy from a PF_IO_WORKER with a NULL
pt_regs.
Check for a valid pt_regs in both ppc_get/ppr_set, and return an error
if not set. The actual error value doesn't seem to be important here, so
just pick -EINVAL.
[mpe: Trim oops in change log, add Fixes & Cc stable]Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
80a4200d51e5a7e046f4a90f5faa5bafd5a60c58
Version
fa439810cc1b3c927ec24ede17d02467e1b143a1
Status
affected
Version <
7624973bc15b76d000e8e6f9b8080fcb76d36595
Version
fa439810cc1b3c927ec24ede17d02467e1b143a1
Status
affected
Version <
064a1c7b0f8403260d77627e62424a72ca26cee2
Version
fa439810cc1b3c927ec24ede17d02467e1b143a1
Status
affected
Version <
01849382373b867ddcbe7536b9dfa89f3bcea60e
Version
fa439810cc1b3c927ec24ede17d02467e1b143a1
Status
affected
Version <
fd7276189450110ed835eb0a334e62d2f1c4e3be
Version
fa439810cc1b3c927ec24ede17d02467e1b143a1
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
4.8
Status
affected
Version <
4.8
Version
0
Status
unaffected
Version <=
5.10.*
Version
5.10.177
Status
unaffected
Version <=
5.15.*
Version
5.15.106
Status
unaffected
Version <=
6.1.*
Version
6.1.23
Status
unaffected
Version <=
6.2.*
Version
6.2.10
Status
unaffected
Version <=
*
Version
6.3
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.048 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|