{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52504", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.314Z", "datePublished": "2024-03-02T21:52:18.500Z", "dateUpdated": "2024-11-04T14:48:09.122Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:09.122Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kernel/alternative.c"], "versions": [{"version": "6657fca06e3f", "lessThan": "3719d3c36aa8", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "3770c38cd6a6", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "6788b10620ca", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "ecba5afe86f3", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "5b784489c815", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "cd287cc208df", "status": "affected", "versionType": "git"}, {"version": "6657fca06e3f", "lessThan": "d35652a5fc99", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/kernel/alternative.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.297", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.270", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.199", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.136", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"}, {"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"}, {"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"}, {"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"}, {"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"}, {"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"}, {"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"}], "title": "x86/alternatives: Disable KASAN in apply_alternatives()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52504", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T22:11:24.462038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:02.291Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.409Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.409Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52504", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T22:11:24.462038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.085Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "x86/alternatives: Disable KASAN in apply_alternatives()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6657fca06e3f", "lessThan": "3719d3c36aa8", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "3770c38cd6a6", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "6788b10620ca", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "ecba5afe86f3", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "5b784489c815", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "cd287cc208df", "versionType": "git"}, {"status": "affected", "version": "6657fca06e3f", "lessThan": "d35652a5fc99", "versionType": "git"}], "programFiles": ["arch/x86/kernel/alternative.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.17"}, {"status": "unaffected", "version": "0", "lessThan": "4.17", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.297", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.270", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.199", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.136", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.8", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/x86/kernel/alternative.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"}, {"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"}, {"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"}, {"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"}, {"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"}, {"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"}, {"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:09.122Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52504", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:09.122Z", "dateReserved": "2024-02-20T12:30:33.314Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:18.500Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/alternatives: deshabilite KASAN en apply_alternatives() Fei ha informado que KASAN se activa durante apply_alternatives() en una m\u00e1quina de paginaci\u00f3n de 5 niveles: ERROR: KASAN: fuera de los l\u00edmites en rcu_is_watching() Lectura de tama\u00f1o 4 en la direcci\u00f3n ff110003ee6419a0 mediante task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... En m\u00e1quinas con paginaci\u00f3n de 5 niveles, cpu_feature_enabled(X86_FEATURE_LA57) se parchea. Incluye c\u00f3digo KASAN, donde KASAN_SHADOW_START depende de __VIRTUAL_MASK_SHIFT, que se define con cpu_feature_enabled(). KASAN se confunde cuando apply_alternatives() parchea a los usuarios de KASAN_SHADOW_START. Un parche de prueba que hace que KASAN_SHADOW_START sea est\u00e1tico, reemplazando __VIRTUAL_MASK_SHIFT con 56, soluciona el problema. Solucionelo de verdad deshabilitando KASAN mientras el kernel parchea alternativas. [mingo: actualiz\u00f3 el registro de cambios]"}], "id": "CVE-2023-52504", "lastModified": "2024-03-04T13:58:23.447", "metrics": {}, "published": "2024-03-02T22:15:47.300", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: x86/alternatives: Disable KASAN in apply_alternatives()", "id": "2267779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267779"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nx86/alternatives: Disable KASAN in apply_alternatives()\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\nBUG: KASAN: out-of-bounds in rcu_is_watching()\nRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n...\n__asan_load4()\nrcu_is_watching()\ntrace_hardirqs_on()\ntext_poke_early()\napply_alternatives()\n...\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n[ mingo: updated the changelog ]", "A flaw was found in the Linux kernel, related to the Kernel Address Sanitizer (KASAN), specifically on systems with 5-level paging. The issue occurs when KASAN triggers an out-of-bounds access in the rcu_is_watching() function, and could lead to memory corruption or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52504", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52504\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52504\nhttps://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52504-ebc5@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.297, kernel 5.4.270, kernel 5.10.199, kernel 5.15.136, kernel 6.1.59, kernel 6.5.8, kernel 6.6"}