CVE-2023-54195

EPSS 0.02%
Veröffentlicht 30.12.2025 12:09:02
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix timeout of a call that hasn't yet been granted a channel

afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may
get stalled in the background waiting for a connection to become
available); it then calls rxrpc_kernel_set_max_life() to set the timeouts -
but that starts the call timer so the call timer might then expire before
we get a connection assigned - leading to the following oops if the call
stalled:

	BUG: kernel NULL pointer dereference, address: 0000000000000000
	...
	CPU: 1 PID: 5111 Comm: krxrpcio/0 Not tainted 6.3.0-rc7-build3+ #701
	RIP: 0010:rxrpc_alloc_txbuf+0xc0/0x157
	...
	Call Trace:
	 <TASK>
	 rxrpc_send_ACK+0x50/0x13b
	 rxrpc_input_call_event+0x16a/0x67d
	 rxrpc_io_thread+0x1b6/0x45f
	 ? _raw_spin_unlock_irqrestore+0x1f/0x35
	 ? rxrpc_input_packet+0x519/0x519
	 kthread+0xe7/0xef
	 ? kthread_complete_and_exit+0x1b/0x1b
	 ret_from_fork+0x22/0x30

Fix this by noting the timeouts in struct rxrpc_call when the call is
created.  The timer will be started when the first packet is transmitted.

It shouldn't be possible to trigger this directly from userspace through
AF_RXRPC as sendmsg() will return EBUSY if the call is in the
waiting-for-conn state if it dropped out of the wait due to a signal.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 92128a7170a220b5126d09a1c1954a3a8d46cef3

Version 9d35d880e0e4a3ab32d8c12f9e4d76198aadd42d

Status affected

Version < 72f4a9f3f447948cf86dffe1c4a4c8a429ab9666

Version 9d35d880e0e4a3ab32d8c12f9e4d76198aadd42d

Status affected

Version < db099c625b13a74d462521a46d98a8ce5b53af5d

Version 9d35d880e0e4a3ab32d8c12f9e4d76198aadd42d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.2

Status affected

Version < 6.2

Version 0

Status unaffected

Version <= 6.2.*

Version 6.2.16

Status unaffected

Version <= 6.3.*

Version 6.3.3

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/92128a7170a220b5126d09a1c1954a3a8d46cef3

https://git.kernel.org/stable/c/72f4a9f3f447948cf86dffe1c4a4c8a429ab9666

https://git.kernel.org/stable/c/db099c625b13a74d462521a46d98a8ce5b53af5d

https://nvd.nist.gov/vuln/detail/CVE-2023-54195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54195

EUVD