-

CVE-2023-53419

In the Linux kernel, the following vulnerability has been resolved:

rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access

For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can
result in a NULL-pointer dereference:

           CPU1                                           CPU2
rcu_preempt_deferred_qs_irqrestore                rcu_print_task_exp_stall
  if (special.b.blocked)                            READ_ONCE(rnp->exp_tasks) != NULL
    raw_spin_lock_rcu_node
    np = rcu_next_node_entry(t, rnp)
    if (&t->rcu_node_entry == rnp->exp_tasks)
      WRITE_ONCE(rnp->exp_tasks, np)
      ....
      raw_spin_unlock_irqrestore_rcu_node
                                                    raw_spin_lock_irqsave_rcu_node
                                                    t = list_entry(rnp->exp_tasks->prev,
                                                        struct task_struct, rcu_node_entry)
                                                    (if rnp->exp_tasks is NULL, this
                                                       will dereference a NULL pointer)

The problem is that CPU2 accesses the rcu_node structure's->exp_tasks
field without holding the rcu_node structure's ->lock and CPU2 did
not observe CPU1's change to rcu_node structure's ->exp_tasks in time.
Therefore, if CPU1 sets rcu_node structure's->exp_tasks pointer to NULL,
then CPU2 might dereference that NULL pointer.

This commit therefore holds the rcu_node structure's ->lock while
accessing that structure's->exp_tasks field.

[ paulmck: Apply Frederic Weisbecker feedback. ]

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < a7d21b8585894e6fff973f6ddae42f02b13f600f
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < e30a55e98ae6c44253d8b129efefd5da5bc6e3bc
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < d0a8c0e31a09ec1efd53079083e2a677956b4d91
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 2bc0ae94ef1f9ed322d8ee439de3239ea3632ab2
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 3c1566bca3f8349f12b75d0a2d5e4a20ad6262ec
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version <= 5.10.*
Version 5.10.181
Status unaffected
Version <= 5.15.*
Version 5.15.113
Status unaffected
Version <= 6.1.*
Version 6.1.30
Status unaffected
Version <= 6.3.*
Version 6.3.4
Status unaffected
Version <= *
Version 6.4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String