Bug 2265795 (CVE-2023-52459) - CVE-2023-52459 kernel: v4l: async: Fix duplicated list deletion
Summary: CVE-2023-52459 kernel: v4l: async: Fix duplicated list deletion
Keywords:
Status: NEW
Alias: CVE-2023-52459
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2265807
Blocks: 2265790
Reported: 2024-02-24 11:20 UTC by Patrick Del Bello
Modified: 2024-06-18 15:32 UTC (History)
CC List: 49 users

Fixed In Version: kernel 6.8-rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel code where a list element is deleted twice from a linked list due to redundant list_del() calls. This issue leads to list corruption or kernel crashes and occurs when list_del() is invoked in a helper function and again in the main function. With CONFIG_DEBUG_LIST enabled, this triggers a warning; otherwise, it causes a kernel error due to NULL pointer dereference.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Patrick Del Bello 2024-02-24 11:20:06 UTC
The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with CONFIG_DEBUG_LIST=y): list_del corruption, c46c8198->next is LIST_POISON1 (00000100). If CONFIG_DEBUG_LIST is disabled the operation results in a kernel error due to NULL pointer dereference.
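The failure mode described above, as an added userspace model that is not the kernel's code and not the fix itself: it reimplements the list_head primitives with the kernel's poison values (the 32-bit LIST_POISON1 of 0x100 seen in the quoted warning) and the sanity check that CONFIG_DEBUG_LIST performs before an unlink, then runs the vulnerable pattern (helper unlinks, caller unlinks again) beside the corrected one. The `async_entry`, `unbind_entry` and `remove_entry_*` names are hypothetical stand-ins, not identifiers from drivers/media/v4l2-core.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the kernel's doubly linked list. The poison values
 * follow include/linux/poison.h for a 32-bit build, which is why the warning
 * on this bug prints LIST_POISON1 as 00000100. */
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x122)

struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->next = head;
    n->prev = head->prev;
    head->prev->next = n;
    head->prev = n;
}

/* Model of the CONFIG_DEBUG_LIST check (__list_del_entry_valid): report the
 * corruption and refuse the unlink instead of dereferencing a poisoned
 * pointer. Without the check, the kernel would follow the 0x100 pointer and
 * fault in the low page, which is what surfaces as a NULL pointer dereference. */
static bool list_del_entry_valid(const struct list_head *e)
{
    if (e->next == LIST_POISON1) {
        fprintf(stderr, "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
                (const void *)e, (void *)LIST_POISON1);
        return false;
    }
    if (e->prev == LIST_POISON2) {
        fprintf(stderr, "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
                (const void *)e, (void *)LIST_POISON2);
        return false;
    }
    if (e->prev->next != e || e->next->prev != e) {
        fprintf(stderr, "list_del corruption, %p neighbours do not point back\n",
                (const void *)e);
        return false;
    }
    return true;
}

/* list_del() as the kernel does it: unlink, then poison both pointers so a
 * later use of the dead entry is detectable. Returns false if rejected. */
static bool list_del_checked(struct list_head *e)
{
    if (!list_del_entry_valid(e))
        return false;
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = LIST_POISON1;
    e->prev = LIST_POISON2;
    return true;
}

/* Hypothetical stand-in for the entries the affected driver code tracks. */
struct async_entry { int id; struct list_head list; };

/* The helper already unlinks the entry, as in the code path this bug is about. */
static bool unbind_entry(struct async_entry *e) { return list_del_checked(&e->list); }

struct outcome { int rejected; size_t remaining; };

/* Vulnerable pattern: the caller repeats the deletion the helper already did. */
static int remove_entry_buggy(struct async_entry *e)
{
    int rejected = 0;
    if (!unbind_entry(e)) rejected++;
    if (!list_del_checked(&e->list)) rejected++;  /* redundant: entry is already poisoned */
    return rejected;
}

/* Fixed pattern: rely on the helper's unlink only. */
static int remove_entry_fixed(struct async_entry *e) { return unbind_entry(e) ? 0 : 1; }

static size_t list_len(const struct list_head *head)
{
    size_t n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next) n++;
    return n;
}

/* Build a three-entry list, remove the middle one with either pattern, and
 * report how many unlinks the debug check rejected plus the surviving length. */
struct outcome run_scenario(bool buggy)
{
    struct list_head head;
    struct async_entry a = {1, {0, 0}}, b = {2, {0, 0}}, c = {3, {0, 0}};
    struct outcome out;
    init_list_head(&head);
    list_add_tail(&a.list, &head);
    list_add_tail(&b.list, &head);
    list_add_tail(&c.list, &head);
    out.rejected = buggy ? remove_entry_buggy(&b) : remove_entry_fixed(&b);
    out.remaining = list_len(&head);
    return out;
}

int main(void)
{
    struct outcome bad = run_scenario(true), good = run_scenario(false);
    printf("buggy: %d rejected, %zu left; fixed: %d rejected, %zu left\n",
           bad.rejected, bad.remaining, good.rejected, good.remaining);
    return 0;
}
```

With the check modelled, the buggy path leaves the list intact but logs the same `LIST_POISON1` corruption message quoted in the report; the point for a defender is that the message is a reliable signal of a double unlink, and that a kernel built without CONFIG_DEBUG_LIST turns the same defect into a crash instead of a warning.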

Comment 1 Patrick Del Bello 2024-02-24 11:24:56 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265807]

Comment 3 Justin M. Forbes 2024-02-27 00:13:50 UTC
Issue introduced in 6.6 with commit 28a1295795d8 and fixed in 6.6.14 with commit b7062628caea
Issue introduced in 6.6 with commit 28a1295795d8 and fixed in 6.7.2 with commit 49d828114284
Issue introduced in 6.6 with commit 28a1295795d8 and fixed in 6.8-rc1 with commit 3de6ee94aae7

Comment 4 Justin M. Forbes 2024-02-27 00:14:32 UTC
This was fixed for Fedora with the 6.6.14 stable kernel updates.

Comment 6 Alex 2024-06-09 13:12:14 UTC
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2023-52459 is: SKIP | The Fixes patch not applied yet, so unlikely that actual: 28a1295795d85a25f2e7dd391c43969e95fcb341 | YES | | | NO | NO | unknown (where first YES/NO value means if related sources built).

