cve-2023-52835
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2024-11-04 14:53
Severity ?
Summary
perf/core: Bail out early if the request AUX area is out of bound
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52835",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:36:37.546418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:54.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c504f615d7e",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "788c0b3442ea",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "1a2a4202c60f",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "fd0df3f87192",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "9ce4e87a8efd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "2424410f94a9",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "2e905e608e38",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "54aee5f15b83",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n    failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n\u0027rb-\u003eaux_pages\u0027 allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n    failed to mmap with 12 (Cannot allocate memory)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:53:32.668Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
        },
        {
          "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
        }
      ],
      "title": "perf/core: Bail out early if the request AUX area is out of bound",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52835",
    "datePublished": "2024-05-21T15:31:36.239Z",
    "dateReserved": "2024-05-21T15:19:24.252Z",
    "dateUpdated": "2024-11-04T14:53:32.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52835\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:21.023\",\"lastModified\":\"2024-05-21T16:53:56.550\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/core: Bail out early if the request AUX area is out of bound\\n\\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\\n\\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\\n    failed to mmap with 12 (Cannot allocate memory)\\n\\nand it reveals a WARNING with __alloc_pages():\\n\\n\\t------------[ cut here ]------------\\n\\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\\n\\tCall trace:\\n\\t __alloc_pages+0x1ec/0x248\\n\\t __kmalloc_large_node+0xc0/0x1f8\\n\\t __kmalloc_node+0x134/0x1e8\\n\\t rb_alloc_aux+0xe0/0x298\\n\\t perf_mmap+0x440/0x660\\n\\t mmap_region+0x308/0x8a8\\n\\t do_mmap+0x3c0/0x528\\n\\t vm_mmap_pgoff+0xf4/0x1b8\\n\\t ksys_mmap_pgoff+0x18c/0x218\\n\\t __arm64_sys_mmap+0x38/0x58\\n\\t invoke_syscall+0x50/0x128\\n\\t el0_svc_common.constprop.0+0x58/0x188\\n\\t do_el0_svc+0x34/0x50\\n\\t el0_svc+0x34/0x108\\n\\t el0t_64_sync_handler+0xb8/0xc0\\n\\t el0t_64_sync+0x1a4/0x1a8\\n\\n\u0027rb-\u003eaux_pages\u0027 allocated by kcalloc() is a pointer array which is used to\\nmaintains AUX trace pages. The allocated page for this array is physically\\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\\nWARNING.\\n\\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\\ne.g.:\\n\\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\\n    failed to mmap with 12 (Cannot allocate memory)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/core: rescate anticipado si el \u00e1rea AUX de la solicitud est\u00e1 fuera de los l\u00edmites. Cuando perf-record con un \u00e1rea AUX grande, por ejemplo, 4 GB, falla con: #perf record -C 0 -m, 4G -e arm_spe_0// -- el sue\u00f1o 1 no pudo mapear con 12 (no se puede asignar memoria) y revela una ADVERTENCIA con __alloc_pages(): ------------[ cortar aqu\u00ed ] ------------ ADVERTENCIA: CPU: 44 PID: 17573 en mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248 Rastreo de llamadas: __alloc_pages+0x1ec/0x248 __kmalloc_large_node+0xc0/0x1f8 __kmalloc_node+0x134/ 0x1e8 rb_alloc_aux+0xe0/0x298 perf_mmap+0x440/0x660 mmap_region+0x308/0x8a8 do_mmap+0x3c0/0x528 vm_mmap_pgoff+0xf4/0x1b8 ksys_mmap_pgoff+0x18c/0x218 sys_mmap+0x38/0x58 invoke_syscall+0x50/0x128 el0_svc_common.constprop.0+0x58/0x188 do_el0_svc+0x34/0x50 el0_svc+0x34/0x108 el0t_64_sync_handler+0xb8/0xc0 el0t_64_sync+0x1a4/0x1a8 \u0027rb-\u0026gt;aux_pages\u0027 asignado por kcalloc() es una matriz de punteros que se utiliza para mantener p\u00e1ginas de seguimiento AUX. La p\u00e1gina asignada para esta matriz es f\u00edsicamente contigua (y virtualmente contigua) con un orden de 0..MAX_ORDER. Si el tama\u00f1o de la matriz de punteros cruza la limitaci\u00f3n establecida por MAX_ORDER, se revela una ADVERTENCIA. Por lo tanto, salve pronto con -ENOMEM si el \u00e1rea AUX de la solicitud est\u00e1 fuera de los l\u00edmites, por ejemplo: #perf record -C 0 -m ,4G -e arm_spe_0// -- el sue\u00f1o 1 no pudo asignar mm con 12 (no se puede asignar memoria)\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.