OpenCVE

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue]

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1
https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2
https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95
https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1
https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d
https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f
https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22
https://lore.kernel.org/linux-cve-announce/2024042655-CVE-2023-52646-3ebb@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52646
https://www.cve.org/CVERecord?id=CVE-2023-52646

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-26T12:19:32.167Z

Updated: 2024-11-04T14:50:23.089Z

Reserved: 2024-03-06T09:52:12.094Z

Link: CVE-2023-52646

Vulnrichment

Updated: 2024-08-02T23:03:21.281Z

NVD

Status : Awaiting Analysis

Published: 2024-04-26T13:15:46.453

Modified: 2024-11-21T08:40:16.687

Link: CVE-2023-52646

Redhat

Severity : Moderate

Publid Date: 2024-04-26T00:00:00Z

Links: CVE-2023-52646 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52646", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.094Z", "datePublished": "2024-04-26T12:19:32.167Z", "dateUpdated": "2024-11-04T14:50:23.089Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:23.089Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/aio.c"], "versions": [{"version": "e4a0d3e720e7", "lessThan": "808f1e4b5723", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "d8dca1bfe9ad", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "4326d0080f7e", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "c261f798f7ba", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "178993157e8c", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "af126acf01a1", "status": "affected", "versionType": "git"}, {"version": "e4a0d3e720e7", "lessThan": "81e9d6f86476", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/aio.c"], "versions": [{"version": "3.19", "status": "affected"}, {"version": "0", "lessThan": "3.19", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.306", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.273", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.232", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.169", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.95", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.13", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"}, {"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"}, {"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"}, {"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"}, {"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"}, {"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"}, {"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"}], "title": "aio: fix mremap after fork null-deref", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T14:11:42.942960Z", "id": "CVE-2023-52646", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:11:56.678Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.281Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.281Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52646", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T14:11:42.942960Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:11:53.151Z"}}], "cna": {"title": "aio: fix mremap after fork null-deref", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e4a0d3e720e7", "lessThan": "808f1e4b5723", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "d8dca1bfe9ad", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "4326d0080f7e", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "c261f798f7ba", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "178993157e8c", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "af126acf01a1", "versionType": "git"}, {"status": "affected", "version": "e4a0d3e720e7", "lessThan": "81e9d6f86476", "versionType": "git"}], "programFiles": ["fs/aio.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.19"}, {"status": "unaffected", "version": "0", "lessThan": "3.19", "versionType": "semver"}, {"status": "unaffected", "version": "4.14.306", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.273", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.232", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.169", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.95", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.13", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/aio.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"}, {"url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"}, {"url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"}, {"url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"}, {"url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"}, {"url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"}, {"url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:50:23.089Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52646", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:50:23.089Z", "dateReserved": "2024-03-06T09:52:12.094Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-26T12:19:32.167Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: aio: corrige mremap despu\u00e9s de la bifurcaci\u00f3n null-deref Commit e4a0d3e720e7 (\"aio: Make it posible reasignar el anillo aio\") introdujo un null-deref si se llama a mremap en un mapeo aio antiguo despu\u00e9s de la bifurcaci\u00f3n como mm->ioctx_table se establecer\u00e1 en NULL. [jmoyer@redhat.com: soluciona el problema de 80 columnas]"}], "id": "CVE-2023-52646", "lastModified": "2024-11-21T08:40:16.687", "metrics": {}, "published": "2024-04-26T13:15:46.453", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: aio: fix mremap after fork null-deref", "id": "2277789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277789"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\naio: fix mremap after fork null-deref\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n[jmoyer@redhat.com: fix 80 column issue]", "A flaw was found in the Linux kernel\u2019s Asynchronous I/O (AIO) subsystem. The issue arises due to a NULL pointer dereference (null-deref) when using the mremap() function after a fork operation, specifically on old AIO mappings. The vulnerability occurs because the ioctx_table is set to NULL after the fork, leading to the potential for system crashes when mremap() is called on these outdated mappings.\nThe problem was introduced in Linux kernel version 3.19 and affected various versions up to 6.2, depending on the specific kernel. It was fixed across several versions, including 4.14.306, 4.19.273, 5.4.232, and 6.1.13.\nTo mitigate this issue, it is recommended to update to the patched kernel versions. The CVSS score for this vulnerability is 5.5, indicating a medium severity, with potential impacts on system availability due to possible crashes triggered by this null pointer dereference."], "name": "CVE-2023-52646", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52646\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52646\nhttps://lore.kernel.org/linux-cve-announce/2024042655-CVE-2023-52646-3ebb@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.14.306, kernel 4.19.273, kernel 5.4.232, kernel 5.10.169, kernel 5.15.95, kernel 6.1.13, kernel 6.2"}