Bug 2355498 (CVE-2023-52942) - CVE-2023-52942 kernel: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()
Summary: CVE-2023-52942 kernel: cgroup/cpuset: Fix wrong check in update_parent_subpar...
Keywords:
Status: NEW
Alias: CVE-2023-52942
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-27 17:04 UTC by OSIDB Bzimport
Modified: 2025-03-27 21:25 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-03-27 17:04:20 UTC 
In the Linux kernel, the following vulnerability has been resolved:

cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()

It was found that the check to see if a partition could use up all
the cpus from the parent cpuset in update_parent_subparts_cpumask()
was incorrect. As a result, it is possible to leave parent with no
effective cpu left even if there are tasks in the parent cpuset. This
can lead to system panic as reported in [1].

Fix this probem by updating the check to fail the enabling the partition
if parent's effective_cpus is a subset of the child's cpus_allowed.

Also record the error code when an error happens in update_prstate()
and add a test case where parent partition and child have the same cpu
list and parent has task. Enabling partition in the child will fail in
this case.

[1] https://www.spinics.net/lists/cgroups/msg36254.html
Comment 1 Robb Gatica 2025-03-27 21:20:19 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025032723-CVE-2023-52942-6a3c@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.