CVE-2023-52978

{"id": "CVE-2023-52978", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-27T17:15:44.923", "references": [{"url": "https://git.kernel.org/stable/c/04a73558209554da17f46490ec4faaaf1b2bab68", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/12316538b1d193064109ce1a28fc9bacd43950de", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/87f48c7ccc73afc78630530d9af51f458f58cab8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kprobe: Fixup kernel panic when probing an illegal position\n\nThe kernel would panic when probed for an illegal position. eg:\n\n(CONFIG_RISCV_ISA_C=n)\n\necho 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_events\necho 1 > events/kprobes/hello/enable\ncat trace\n\nKernel panic - not syncing: stack-protector: Kernel stack\nis corrupted in: __do_sys_newfstatat+0xb8/0xb8\nCPU: 0 PID: 111 Comm: sh Not tainted\n6.2.0-rc1-00027-g2d398fe49a4d #490\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[<ffffffff80007268>] dump_backtrace+0x38/0x48\n[<ffffffff80c5e83c>] show_stack+0x50/0x68\n[<ffffffff80c6da28>] dump_stack_lvl+0x60/0x84\n[<ffffffff80c6da6c>] dump_stack+0x20/0x30\n[<ffffffff80c5ecf4>] panic+0x160/0x374\n[<ffffffff80c6db94>] generic_handle_arch_irq+0x0/0xa8\n[<ffffffff802deeb0>] sys_newstat+0x0/0x30\n[<ffffffff800158c0>] sys_clone+0x20/0x30\n[<ffffffff800039e8>] ret_from_syscall+0x0/0x4\n---[ end Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 ]---\n\nThat is because the kprobe's ebreak instruction broke the kernel's\noriginal code. The user should guarantee the correction of the probe\nposition, but it couldn't make the kernel panic.\n\nThis patch adds arch_check_kprobe in arch_prepare_kprobe to prevent an\nillegal position (Such as the middle of an instruction)."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: kprobe: Correcci\u00f3n del p\u00e1nico del kernel al sondear una posici\u00f3n ilegal El kernel entrar\u00eda en p\u00e1nico cuando se sondeara una posici\u00f3n ilegal. p. ej.: (CONFIG_RISCV_ISA_C=n) echo 'p:hello kernel_clone+0x16 a0=%a0' &gt;&gt; kprobe_events echo 1 &gt; events/kprobes/hello/enable cat trace Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 CPU: 0 PID: 111 Comm: sh Not tainted 6.2.0-rc1-00027-g2d398fe49a4d #490 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x38/0x48 [] show_stack+0x50/0x68 [] dump_stack_lvl+0x60/0x84 [] dump_stack+0x20/0x30 [] panic+0x160/0x374 [] generic_handle_arch_irq+0x0/0xa8 [] sys_newstat+0x0/0x30 [] sys_clone+0x20/0x30 [] ret_from_syscall+0x0/0x4 ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 ]--- Esto se debe a que la instrucci\u00f3n ebreak de kprobe rompi\u00f3 el c\u00f3digo original del n\u00facleo. El usuario deber\u00eda garantizar la correcci\u00f3n de la posici\u00f3n de la sonda, pero no pudo provocar un p\u00e1nico en el n\u00facleo. Este parche a\u00f1ade arch_check_kprobe en arch_prepare_kprobe para evitar una posici\u00f3n ilegal (como la mitad de una instrucci\u00f3n)."}], "lastModified": "2025-04-15T14:49:22.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71DDF39-39C1-4B06-990E-9106C348F502", "versionEndExcluding": "5.15.93", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "954792E4-20E7-4E05-BB20-8A78D5FEAD45", "versionEndIncluding": "6.1.11", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB8D555-648E-4F2F-98BD-3E7F45BD12A8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}