Bug 2266341 (CVE-2023-52469) - CVE-2023-52469 kernel: use-after-free in kv_parse_power_table
Summary: CVE-2023-52469 kernel: use-after-free in kv_parse_power_table
Keywords:
Status: NEW
Alias: CVE-2023-52469
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2266343
Blocks: 2266208
TreeView+ depends on / blocked
 
Reported: 2024-02-27 16:34 UTC by Rohit Keshri
Modified: 2024-08-26 14:38 UTC (History)
51 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in kv_parse_power_table in drivers/amd/pm in the Linux kernel. When ps equals NULL, kv_parse_power_table frees adev->pm.dpm.ps. The adev->pm.dpm.ps is used in the loop of kv_dpm_fini after its first free in kv_parse_power_table, causing a use-after-free problem.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:5117 0 None None None 2024-08-08 08:32:40 UTC
Red Hat Product Errata RHBA-2024:5207 0 None None None 2024-08-12 07:52:20 UTC
Red Hat Product Errata RHBA-2024:5208 0 None None None 2024-08-12 08:32:46 UTC
Red Hat Product Errata RHBA-2024:5233 0 None None None 2024-08-12 13:50:45 UTC
Red Hat Product Errata RHBA-2024:5235 0 None None None 2024-08-12 14:23:07 UTC
Red Hat Product Errata RHBA-2024:5236 0 None None None 2024-08-12 14:39:13 UTC
Red Hat Product Errata RHBA-2024:5237 0 None None None 2024-08-12 14:44:08 UTC
Red Hat Product Errata RHBA-2024:5386 0 None None None 2024-08-14 10:47:02 UTC
Red Hat Product Errata RHBA-2024:5866 0 None None None 2024-08-26 14:38:39 UTC
Red Hat Product Errata RHSA-2024:5101 0 None None None 2024-08-08 04:52:11 UTC
Red Hat Product Errata RHSA-2024:5102 0 None None None 2024-08-08 04:40:27 UTC

Description Rohit Keshri 2024-02-27 16:34:09 UTC
In the Linux kernel, the following vulnerability has been resolved:

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

When ps allocated by kzalloc equals to NULL, kv_parse_power_table
frees adev->pm.dpm.ps that allocated before. However, after the control
flow goes through the following call chains:

kv_parse_power_table
  |-> kv_dpm_init
        |-> kv_dpm_sw_init
	      |-> kv_dpm_fini

The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its
first free in kv_parse_power_table and causes a use-after-free bug.

https://git.kernel.org/stable/c/28dd788382c43b330480f57cd34cde0840896743
https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1cfafd02
https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706
https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3
https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e
https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63
https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3
https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a

Comment 1 Rohit Keshri 2024-02-27 16:44:04 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266343]

Comment 4 Justin M. Forbes 2024-02-27 18:51:54 UTC
This was fixed for Fedora with the 6.6.14 stable kernel update.

Comment 8 errata-xmlrpc 2024-08-08 04:40:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102

Comment 9 errata-xmlrpc 2024-08-08 04:52:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101


Note You need to log in before you can comment on or make changes to this bug.