Bug 2395880 (CVE-2023-53331) - CVE-2023-53331 kernel: pstore/ram: Check start of empty przs during init
Summary: CVE-2023-53331 kernel: pstore/ram: Check start of empty przs during init
Keywords:
Status: NEW
Alias: CVE-2023-53331
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-16 17:03 UTC by OSIDB Bzimport
Modified: 2025-11-12 15:05 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:19105 0 None None None 2025-10-27 19:34:13 UTC
Red Hat Product Errata RHSA-2025:19886 0 None None None 2025-11-06 08:55:18 UTC
Red Hat Product Errata RHSA-2025:21051 0 None None None 2025-11-12 00:31:25 UTC
Red Hat Product Errata RHSA-2025:21091 0 None None None 2025-11-12 08:08:55 UTC
Red Hat Product Errata RHSA-2025:21112 0 None None None 2025-11-12 11:25:17 UTC
Red Hat Product Errata RHSA-2025:21128 0 None None None 2025-11-12 13:48:51 UTC
Red Hat Product Errata RHSA-2025:21136 0 None None None 2025-11-12 15:05:23 UTC

Description OSIDB Bzimport 2025-09-16 17:03:48 UTC 
In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: Check start of empty przs during init

After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as
valid"), initialization would assume a prz was valid after seeing that
the buffer_size is zero (regardless of the buffer start position). This
unchecked start value means it could be outside the bounds of the buffer,
leading to future access panics when written to:

 sysdump_panic_event+0x3b4/0x5b8
 atomic_notifier_call_chain+0x54/0x90
 panic+0x1c8/0x42c
 die+0x29c/0x2a8
 die_kernel_fault+0x68/0x78
 __do_kernel_fault+0x1c4/0x1e0
 do_bad_area+0x40/0x100
 do_translation_fault+0x68/0x80
 do_mem_abort+0x68/0xf8
 el1_da+0x1c/0xc0
 __raw_writeb+0x38/0x174
 __memcpy_toio+0x40/0xac
 persistent_ram_update+0x44/0x12c
 persistent_ram_write+0x1a8/0x1b8
 ramoops_pstore_write+0x198/0x1e8
 pstore_console_write+0x94/0xe0
 ...

To avoid this, also check if the prz start is 0 during the initialization
phase. If not, the next prz sanity check case will discover it (start >
size) and zap the buffer back to a sane state.

[kees: update commit log with backtrace and clarifications]
Comment 1 Jon Moroney 2025-09-16 17:49:27 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091645-CVE-2023-53331-50a3@gregkh/T
Comment 5 errata-xmlrpc 2025-10-27 19:34:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:19105 https://access.redhat.com/errata/RHSA-2025:19105
Comment 9 errata-xmlrpc 2025-11-06 08:55:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:19886 https://access.redhat.com/errata/RHSA-2025:19886
Comment 10 errata-xmlrpc 2025-11-12 00:31:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21051 https://access.redhat.com/errata/RHSA-2025:21051
Comment 11 errata-xmlrpc 2025-11-12 08:08:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21091 https://access.redhat.com/errata/RHSA-2025:21091
Comment 12 errata-xmlrpc 2025-11-12 11:25:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21112 https://access.redhat.com/errata/RHSA-2025:21112
Comment 13 errata-xmlrpc 2025-11-12 13:48:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21128 https://access.redhat.com/errata/RHSA-2025:21128
Comment 14 errata-xmlrpc 2025-11-12 15:05:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:21136 https://access.redhat.com/errata/RHSA-2025:21136
Note You need to log in before you can comment on or make changes to this bug.