5.5

CVE-2023-53590

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop

In the Linux kernel, the following vulnerability has been resolved:

sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop

With this refcnt added in sctp_stream_priorities, we don't need to
traverse all streams to check if the prio is used by other streams
when freeing one stream's prio in sctp_sched_prio_free_sid(). This
can avoid a nested loop (up to 65535 * 65535), which may cause a
stuck as Ying reported:

    watchdog: BUG: soft lockup - CPU#23 stuck for 26s! [ksoftirqd/23:136]
    Call Trace:
     <TASK>
     sctp_sched_prio_free_sid+0xab/0x100 [sctp]
     sctp_stream_free_ext+0x64/0xa0 [sctp]
     sctp_stream_free+0x31/0x50 [sctp]
     sctp_association_free+0xa5/0x200 [sctp]

Note that it doesn't need to use refcount_t type for this counter,
as its accessing is always protected under the sock lock.

v1->v2:
 - add a check in sctp_sched_prio_set to avoid the possible prio_head
   refcnt overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.226 < 5.4.235
LinuxLinux Kernel Version >= 5.10.158 < 5.10.173
LinuxLinux Kernel Version >= 5.15.82 < 5.15.100
LinuxLinux Kernel Version >= 6.0.12 < 6.1
LinuxLinux Kernel Version >= 6.1.1 < 6.1.18
LinuxLinux Kernel Version >= 6.2 < 6.2.5
LinuxLinux Kernel Version6.1 Update-
LinuxLinux Kernel Version6.1 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.016
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/cec326443f01283ef68ea00c06ea073b1835a562
Patch
https://git.kernel.org/stable/c/8ee401f89cdb10f39098c0656d695b2bc4052100
Patch
https://git.kernel.org/stable/c/bf5540cbd20e2dae2c81ab9b31deef41ef147d0a
Patch
https://git.kernel.org/stable/c/03c3a5584a0a29821e59b7834635ce823050caaa
Patch
https://git.kernel.org/stable/c/6d529928ea212127851a2df8c40d822237ca946b
Patch
https://git.kernel.org/stable/c/68ba44639537de6f91fe32783766322d41848127
Patch