-

CVE-2023-54045

In the Linux kernel, the following vulnerability has been resolved:

audit: fix possible soft lockup in __audit_inode_child()

Tracefs or debugfs maybe cause hundreds to thousands of PATH records,
too many PATH records maybe cause soft lockup.

For example:
  1. CONFIG_KASAN=y && CONFIG_PREEMPTION=n
  2. auditctl -a exit,always -S open -k key
  3. sysctl -w kernel.watchdog_thresh=5
  4. mkdir /sys/kernel/debug/tracing/instances/test

There may be a soft lockup as follows:
  watchdog: BUG: soft lockup - CPU#45 stuck for 7s! [mkdir:15498]
  Kernel panic - not syncing: softlockup: hung tasks
  Call trace:
   dump_backtrace+0x0/0x30c
   show_stack+0x20/0x30
   dump_stack+0x11c/0x174
   panic+0x27c/0x494
   watchdog_timer_fn+0x2bc/0x390
   __run_hrtimer+0x148/0x4fc
   __hrtimer_run_queues+0x154/0x210
   hrtimer_interrupt+0x2c4/0x760
   arch_timer_handler_phys+0x48/0x60
   handle_percpu_devid_irq+0xe0/0x340
   __handle_domain_irq+0xbc/0x130
   gic_handle_irq+0x78/0x460
   el1_irq+0xb8/0x140
   __audit_inode_child+0x240/0x7bc
   tracefs_create_file+0x1b8/0x2a0
   trace_create_file+0x18/0x50
   event_create_dir+0x204/0x30c
   __trace_add_new_event+0xac/0x100
   event_trace_add_tracer+0xa0/0x130
   trace_array_create_dir+0x60/0x140
   trace_array_create+0x1e0/0x370
   instance_mkdir+0x90/0xd0
   tracefs_syscall_mkdir+0x68/0xa0
   vfs_mkdir+0x21c/0x34c
   do_mkdirat+0x1b4/0x1d4
   __arm64_sys_mkdirat+0x4c/0x60
   el0_svc_common.constprop.0+0xa8/0x240
   do_el0_svc+0x8c/0xc0
   el0_svc+0x20/0x30
   el0_sync_handler+0xb0/0xb4
   el0_sync+0x160/0x180

Therefore, we add cond_resched() to __audit_inode_child() to fix it.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < d061e2bfc20f2914656385816e0d20566213c54c
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 1640c7bd4eddec6c72f3a99cbb74e333a2ce9f5d
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < f6364fa751d7486502c777f124a14d4d543fc5eb
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 98ef243d5900d75a64539a2165745bffbb155d43
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 0152e7758cc4e9f8bfba8dbea4438d8e488d6c08
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 9ca08adb75fb40a8f742c371927ee73f9dc753bf
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 8a40b491372966ba5426e138a53460985565d5a6
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < 8e76b944a7b9bddef190ffe2e29c9ae342ab91ed
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
Version < b59bc6e37237e37eadf50cd5de369e913f524463
Version 5195d8e217a78697152d64fc09a16e063a022465
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.3
Status affected
Version < 3.3
Version 0
Status unaffected
Version <= 4.14.*
Version 4.14.326
Status unaffected
Version <= 4.19.*
Version 4.19.295
Status unaffected
Version <= 5.4.*
Version 5.4.257
Status unaffected
Version <= 5.10.*
Version 5.10.195
Status unaffected
Version <= 5.15.*
Version 5.15.132
Status unaffected
Version <= 6.1.*
Version 6.1.53
Status unaffected
Version <= 6.4.*
Version 6.4.16
Status unaffected
Version <= 6.5.*
Version 6.5.3
Status unaffected
Version <= *
Version 6.6
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.