 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-52483 |
| Description: | In the Linux kernel, the following vulnerability has been resolved:
mctp: perform route lookups under a RCU read-side lock Our current
route lookups (mctp_route_lookup and mctp_route_lookup_null) traverse
the net's route list without the RCU read lock held. This means the
route lookup is subject to preemption, resulting in an potential grace
period expiry, and so an eventual kfree() while we still have the
route pointer. Add the proper read-side critical section locks around
the route lookups, preventing premption and a possible parallel kfree.
The remaining net->mctp.routes accesses are already under a
rcu_read_lock, or protected by the RTNL for updates. Based on an
analysis from Sili Luo |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-52483 https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4 https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4 https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67 https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67 |