cve-2023-52835
Vulnerability from cvelistv5
Published: 2024-05-21 15:31
Modified: 2024-12-19 08:26
Summary
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Bail out early if the request AUX area is out of bound

When perf-record with a large AUX area, e.g. 4GB, it fails with:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)

and it reveals a WARNING with __alloc_pages():

    ------------[ cut here ]------------
    WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248
    Call trace:
     __alloc_pages+0x1ec/0x248
     __kmalloc_large_node+0xc0/0x1f8
     __kmalloc_node+0x134/0x1e8
     rb_alloc_aux+0xe0/0x298
     perf_mmap+0x440/0x660
     mmap_region+0x308/0x8a8
     do_mmap+0x3c0/0x528
     vm_mmap_pgoff+0xf4/0x1b8
     ksys_mmap_pgoff+0x18c/0x218
     __arm64_sys_mmap+0x38/0x58
     invoke_syscall+0x50/0x128
     el0_svc_common.constprop.0+0x58/0x188
     do_el0_svc+0x34/0x50
     el0_svc+0x34/0x108
     el0t_64_sync_handler+0xb8/0xc0
     el0t_64_sync+0x1a4/0x1a8

'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to maintain AUX trace pages. The allocated page for this array is physically contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the size of pointer array crosses the limitation set by MAX_ORDER, it reveals a WARNING.

So bail out early with -ENOMEM if the request AUX area is out of bound, e.g.:

    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
    failed to mmap with 12 (Cannot allocate memory)
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a
af854a3a-2127-422b-91ae-364da2661108 https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a
Impacted products
Vendor Product Version
Linux Linux


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52835",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:36:37.546418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:54.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c504f615d7ed60ae035c51d0c789137ced6797f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "788c0b3442ead737008934947730a6d1ff703734",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1a2a4202c60fcdffbf04f259002ce9bff39edece",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd0df3f8719201dbe61a4d39083d5aecd705399a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9ce4e87a8efd37c85766ec08b15e885cab08553a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2424410f94a94d91230ced094062d859714c984a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2e905e608e38cf7f8dcddcf8a6036e91a78444cb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "54aee5f15b83437f23b2b2469bcf21bdd9823916",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.300",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n    failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n\u0027rb-\u003eaux_pages\u0027 allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n    #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n    failed to mmap with 12 (Cannot allocate memory)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:26:52.336Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
        },
        {
          "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
        }
      ],
      "title": "perf/core: Bail out early if the request AUX area is out of bound",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52835",
    "datePublished": "2024-05-21T15:31:36.239Z",
    "dateReserved": "2024-05-21T15:19:24.252Z",
    "dateUpdated": "2024-12-19T08:26:52.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
  }
}

