-

CVE-2023-53419

In the Linux kernel, the following vulnerability has been resolved:

rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access

For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can
result in a NULL-pointer dereference:

           CPU1                                           CPU2
rcu_preempt_deferred_qs_irqrestore                rcu_print_task_exp_stall
  if (special.b.blocked)                            READ_ONCE(rnp->exp_tasks) != NULL
    raw_spin_lock_rcu_node
    np = rcu_next_node_entry(t, rnp)
    if (&t->rcu_node_entry == rnp->exp_tasks)
      WRITE_ONCE(rnp->exp_tasks, np)
      ....
      raw_spin_unlock_irqrestore_rcu_node
                                                    raw_spin_lock_irqsave_rcu_node
                                                    t = list_entry(rnp->exp_tasks->prev,
                                                        struct task_struct, rcu_node_entry)
                                                    (if rnp->exp_tasks is NULL, this
                                                       will dereference a NULL pointer)

The problem is that CPU2 accesses the rcu_node structure's->exp_tasks
field without holding the rcu_node structure's ->lock and CPU2 did
not observe CPU1's change to rcu_node structure's ->exp_tasks in time.
Therefore, if CPU1 sets rcu_node structure's->exp_tasks pointer to NULL,
then CPU2 might dereference that NULL pointer.

This commit therefore holds the rcu_node structure's ->lock while
accessing that structure's->exp_tasks field.

[ paulmck: Apply Frederic Weisbecker feedback. ]

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < a7d21b8585894e6fff973f6ddae42f02b13f600f
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < e30a55e98ae6c44253d8b129efefd5da5bc6e3bc
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < d0a8c0e31a09ec1efd53079083e2a677956b4d91
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 2bc0ae94ef1f9ed322d8ee439de3239ea3632ab2
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 3c1566bca3f8349f12b75d0a2d5e4a20ad6262ec
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version <= 5.10.*
Version 5.10.181
Status unaffected
Version <= 5.15.*
Version 5.15.113
Status unaffected
Version <= 6.1.*
Version 6.1.30
Status unaffected
Version <= 6.3.*
Version 6.3.4
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.047
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string