FKIE_CVE-2023-52831

Vulnerability from fkie_nvd - Published: 2024-05-21 16:15 - Updated: 2025-09-23 22:46
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARN_ON() when rebuilding the scheduler domains and a subsequent panic due to and unhandled empty CPU mas in partition_sched_domains_locked(). cpuset_hotplug_workfn() rebuild_sched_domains_locked() ndoms = generate_sched_domains(&doms, &attr); cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN)); Thus results in an empty CPU mask which triggers the warning and then the subsequent crash: WARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408 Call trace: build_sched_domains+0x120c/0x1408 partition_sched_domains_locked+0x234/0x880 rebuild_sched_domains_locked+0x37c/0x798 rebuild_sched_domains+0x30/0x58 cpuset_hotplug_workfn+0x2a8/0x930 Unable to handle kernel paging request at virtual address fffe80027ab37080 partition_sched_domains_locked+0x318/0x880 rebuild_sched_domains_locked+0x37c/0x798 Aside of the resulting crash, it does not make any sense to offline the last last housekeeping CPU. Prevent this by masking out the non-housekeeping CPUs when selecting a target CPU for initiating the CPU unplug operation via the work queue.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffaPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffaPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8093658-5835-493E-9047-EEC6269C0BB1",
              "versionEndExcluding": "6.1.64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4",
              "versionEndExcluding": "6.5.13",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0",
              "versionEndExcluding": "6.6.3",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don\u0027t offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto and unhandled empty CPU mas in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n  rebuild_sched_domains_locked()\n    ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n      cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThus results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside of the resulting crash, it does not make any sense to offline the last\nlast housekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpu/hotplug: no desconectar la \u00faltima CPU no aislada. Si un sistema tiene CPU aisladas mediante el par\u00e1metro de l\u00ednea de comando \"isolcpus=\", entonces se intenta desconectar la \u00faltima limpieza La CPU dar\u00e1 como resultado un WARN_ON() al reconstruir los dominios del programador y un p\u00e1nico posterior debido a una masa de CPU vac\u00eda no controlada en particion_sched_domains_locked(). cpuset_hotplug_workfn() build_sched_domains_locked() ndoms = generate_sched_domains(\u0026amp;doms, \u0026amp;attr); cpumask_and(doms[0], top_cpuset. Effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN)); Por lo tanto, se genera una m\u00e1scara de CPU vac\u00eda que activa la advertencia y luego el bloqueo posterior: ADVERTENCIA: CPU: 4 PID: 80 en kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408 Seguimiento de llamadas: build_sched_domains+0x120c/0x1408 partition_sched_domains_locked+ 0x234/0x880 build_sched_domains_locked+0x37c/0x798 build_sched_domains+0x30/0x58 cpuset_hotplug_workfn+0x2a8/0x930 No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual fffe80027ab37080 particion_sched_domains_locked+0x318/0x880 _sched_domains_locked+0x37c/0x798 Aparte del bloqueo resultante, no tiene ning\u00fan sentido para desconectar la \u00faltima CPU de mantenimiento. Evite esto enmascarando las CPU que no son de mantenimiento al seleccionar una CPU de destino para iniciar la operaci\u00f3n de desconexi\u00f3n de la CPU a trav\u00e9s de la cola de trabajo."
    }
  ],
  "id": "CVE-2023-52831",
  "lastModified": "2025-09-23T22:46:04.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T16:15:20.743",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.