CVE-2023-52932

In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CPU cores, 64GB memory, and 28 zram devices, the disksize of each zram device is 50MB with same priority as si. Use the stress-ng tool to increase memory pressure, causing the system to oom frequently. The plist_for_each_entry_safe() loops in get_swap_pages() could reach tens of thousands of times to find available space (extreme case: cond_resched() is not called in scan_swap_map_slots()). Let's add cond_resched() into get_swap_pages() when failed to find available space to avoid softlockup.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64	Patch
https://git.kernel.org/stable/c/30187be29052bba9203b0ae2bdd815e0bc2faaab	Patch
https://git.kernel.org/stable/c/387217b97e99699c34e6d95ce2b91b327fcd853e	Patch
https://git.kernel.org/stable/c/49178d4d61e78aed8c837dfeea8a450700f196e2	Patch
https://git.kernel.org/stable/c/5dbe1ebd56470d03b78fc31491a9e4d433106ef2	Patch
https://git.kernel.org/stable/c/7717fc1a12f88701573f9ed897cc4f6699c661e3	Patch
https://git.kernel.org/stable/c/d49c85a1913385eed46dd16a25ad0928253767f0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.2:rc6::::::

History

15 Apr 2025, 16:00

Type	Values Removed	Values Added
CWE		CWE-667
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.2:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.2:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/swapfile: añadir cond_resched() en get_swap_pages() El bloqueo suave todavía ocurre en get_swap_pages() bajo presión de memoria. 64 núcleos de CPU, 64 GB de memoria y 28 dispositivos zram, el tamaño del disco de cada dispositivo zram es de 50 MB con la misma prioridad que si. Utilice la herramienta stress-ng para aumentar la presión de memoria, lo que hace que el sistema se sobrecargue con frecuencia. Los bucles plist_for_each_entry_safe() en get_swap_pages() podrían alcanzar decenas de miles de veces para encontrar espacio disponible (caso extremo: cond_resched() no se llama en scan_swap_map_slots()). Agreguemos cond_resched() a get_swap_pages() cuando no se pueda encontrar espacio disponible para evitar el bloqueo suave.
References	~~() https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64 -~~	() https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64 - Patch
References	~~() https://git.kernel.org/stable/c/30187be29052bba9203b0ae2bdd815e0bc2faaab -~~	() https://git.kernel.org/stable/c/30187be29052bba9203b0ae2bdd815e0bc2faaab - Patch
References	~~() https://git.kernel.org/stable/c/387217b97e99699c34e6d95ce2b91b327fcd853e -~~	() https://git.kernel.org/stable/c/387217b97e99699c34e6d95ce2b91b327fcd853e - Patch
References	~~() https://git.kernel.org/stable/c/49178d4d61e78aed8c837dfeea8a450700f196e2 -~~	() https://git.kernel.org/stable/c/49178d4d61e78aed8c837dfeea8a450700f196e2 - Patch
References	~~() https://git.kernel.org/stable/c/5dbe1ebd56470d03b78fc31491a9e4d433106ef2 -~~	() https://git.kernel.org/stable/c/5dbe1ebd56470d03b78fc31491a9e4d433106ef2 - Patch
References	~~() https://git.kernel.org/stable/c/7717fc1a12f88701573f9ed897cc4f6699c661e3 -~~	() https://git.kernel.org/stable/c/7717fc1a12f88701573f9ed897cc4f6699c661e3 - Patch
References	~~() https://git.kernel.org/stable/c/d49c85a1913385eed46dd16a25ad0928253767f0 -~~	() https://git.kernel.org/stable/c/d49c85a1913385eed46dd16a25ad0928253767f0 - Patch

27 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 17:15

Updated : 2025-04-15 16:00

NVD link : CVE-2023-52932

Mitre link : CVE-2023-52932

CVE.ORG link : CVE-2023-52932

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

5.5 /10