FKIE_CVE-2023-52859

Vulnerability from fkie_nvd - Published: 2024-05-21 16:15 - Updated: 2025-01-14 17:32
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore pmu offline callback, which migrate the pmu context. Since that's liable to lead to some kind of use-after-free. Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been failed to register.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fdaPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fdaPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F25346BD-6450-4C82-89C8-1C45C67B0738",
              "versionEndExcluding": "5.15.139",
              "versionStartIncluding": "5.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E1EA7E-2788-466C-9FFB-34AFA1B052F0",
              "versionEndExcluding": "6.1.63",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "825F64D9-E99F-49AA-8A7B-EF7C2965C5B2",
              "versionEndExcluding": "6.5.12",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBFF885-A4D3-4F21-B6FD-4D770034C048",
              "versionEndExcluding": "6.6.2",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: hisi: Fix use-after-free when register pmu fails\n\nWhen we fail to register the uncore pmu, the pmu context may not been\nallocated. The error handing will call cpuhp_state_remove_instance()\nto call uncore pmu offline callback, which migrate the pmu context.\nSince that\u0027s liable to lead to some kind of use-after-free.\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don\u0027t execute after\nthe PMU device has been failed to register."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf: hisi: corrige el use after free cuando falla el registro de pmu. Cuando no logramos registrar el pmu sin n\u00facleo, es posible que no se haya asignado el contexto de pmu. El manejo del error llamar\u00e1 a cpuhp_state_remove_instance() para llamar a la devoluci\u00f3n de llamada fuera de l\u00ednea de uncore pmu, que migra el contexto de pmu. Dado que eso puede conducir a alg\u00fan tipo de use after free. Utilice cpuhp_state_remove_instance_nocalls() en lugar de cpuhp_state_remove_instance() para que los notificadores no se ejecuten despu\u00e9s de que el dispositivo PMU no haya podido registrarse."
    }
  ],
  "id": "CVE-2023-52859",
  "lastModified": "2025-01-14T17:32:34.387",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T16:15:22.933",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0e1e88bba286621b886218363de07b319d6208b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3405f364f82d4f5407a8b4c519dc15d24b847fda"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/75bab28ffd05ec8879c197890b1bd1dfec8d3f63"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b660420f449d094b1fabfa504889810b3a63cdd5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b805cafc604bfdb671fae7347a57f51154afa735"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.