
CVE-2023-54232

In the Linux kernel, the following vulnerability has been resolved:

m68k: Only force 030 bus error if PC not in exception table

__get_kernel_nofault() does copy data in supervisor mode when
forcing a task backtrace log through /proc/sysrq_trigger.
This is expected to cause a bus error exception on e.g. NULL
pointer dereferencing when logging a kernel task that has no
workqueue associated. This bus error ought to be ignored.

Our 030 bus error handler is ill equipped to deal with this:

Whenever ssw indicates a kernel mode access on a data fault,
we don't even attempt to handle the fault and instead always
send a SEGV signal (or panic). As a result, the check
for exception handling at the fault PC (buried in
send_sig_fault() which gets called from do_page_fault()
eventually) is never used.

In contrast, both 040 and 060 access error handlers do not
care whether a fault happened on supervisor mode access,
and will call do_page_fault() on those, ultimately honoring
the exception table.

Add a check in bus_error030 to call do_page_fault() in case
we do have an entry for the fault PC in our exception table.

I had attempted a fix for this earlier in 2019 that did rely
on testing pagefault_disabled() (see link below) to achieve
the same thing, but this patch should be more generic.

Tested on 030 Atari Falcon.
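
A simplified user-space model of the handler decision described above, added here as an illustration and not taken from the kernel patch. The table contents, addresses and function names (find_fixup, kernel_data_fault_before, kernel_data_fault_after) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for an exception table entry: faulting insn -> resume address. */
struct ex_entry { uint32_t insn, fixup; };

/* Constructed sample table, sorted by insn; all addresses are made up. */
static const struct ex_entry ex_table[] = {
    { 0x2040u, 0x9000u }, { 0x4a10u, 0x9010u }, { 0x7c88u, 0x9020u },
};

/* Binary search over the sorted table; NULL means no fixup for this PC. */
static const struct ex_entry *find_fixup(uint32_t pc)
{
    size_t lo = 0, hi = sizeof(ex_table) / sizeof(ex_table[0]);
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ex_table[mid].insn == pc)
            return &ex_table[mid];
        if (ex_table[mid].insn < pc)
            lo = mid + 1;
        else
            hi = mid;
    }
    return NULL;
}

enum outcome { RESUME_AT_FIXUP, KILL_OR_PANIC };

/* Before the fix: a kernel-mode data fault never reaches the table check. */
static enum outcome kernel_data_fault_before(uint32_t pc, uint32_t *next_pc)
{
    (void)pc; (void)next_pc;
    return KILL_OR_PANIC;
}

/* After the fix: a fault PC with a table entry takes the recovery path. */
static enum outcome kernel_data_fault_after(uint32_t pc, uint32_t *next_pc)
{
    const struct ex_entry *e = find_fixup(pc);
    if (!e)
        return KILL_OR_PANIC;
    *next_pc = e->fixup;
    return RESUME_AT_FIXUP;
}

int main(void)
{
    uint32_t next = 0; /* 0x4a10 models the load inside a nofault copy */
    return kernel_data_fault_after(0x4a10u, &next) == RESUME_AT_FIXUP ? 0 : 1;
}
```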
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version < 1a6059f5ed57f48edfe7159404ff7d538d9d405b | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < f55cb52ec98b22125f5bda36391edb8894f7e8cf | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < 2100e374251a8fc00cce1916cfc50f3cb652cbe3 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < df1da53a7e98f0b2a0eb2241c154f148f2f2c1d8 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < 8bf8d5dade4c5e1d8a2386f29253ed28b5d87735 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < 54fa25ffab2b700df5abd58c136d64a912c53953 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < ec15405b80fc15ffc87a23d01378ae061c1aba07 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Version < e36a82bebbf7da814530d5a179bef9df5934b717 | Version f2325ecebc5b7988fd49968bd3a660fd1594dc84 | Status affected
Vendor: Linux
Product: Linux
Default status: affected
Version 2.6.18 | Status affected
Version < 2.6.18 | Version 0 | Status unaffected
Version <= 4.14.* | Version 4.14.312 | Status unaffected
Version <= 4.19.* | Version 4.19.280 | Status unaffected
Version <= 5.4.* | Version 5.4.240 | Status unaffected
Version <= 5.10.* | Version 5.10.177 | Status unaffected
Version <= 5.15.* | Version 5.15.105 | Status unaffected
Version <= 6.1.* | Version 6.1.22 | Status unaffected
Version <= 6.2.* | Version 6.2.9 | Status unaffected
Version <= * | Version 6.3 | Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.099
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
No CWE information has been published yet.