{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52740", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.233Z", "datePublished": "2024-05-21T15:23:03.201Z", "dateUpdated": "2024-11-04T14:51:47.485Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:51:47.485Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch\n\nThe RFI and STF security mitigation options can flip the\ninterrupt_exit_not_reentrant static branch condition concurrently with\nthe interrupt exit code which tests that branch.\n\nInterrupt exit tests this condition to set MSR[EE|RI] for exit, then\nagain in the case a soft-masked interrupt is found pending, to recover\nthe MSR so the interrupt can be replayed before attempting to exit\nagain. If the condition changes between these two tests, the MSR and irq\nsoft-mask state will become corrupted, leading to warnings and possible\ncrashes. For example, if the branch is initially true then false,\nMSR[EE] will be 0 but PACA_IRQ_HARD_DIS clear and EE may not get\nenabled, leading to warnings in irq_64.c."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/interrupt.c"], "versions": [{"version": "13799748b957", "lessThan": "86f7e4239336", "status": "affected", "versionType": "git"}, {"version": "13799748b957", "lessThan": "6f097c24815e", "status": "affected", "versionType": "git"}, {"version": "13799748b957", "lessThan": "2ea31e2e62bb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/powerpc/kernel/interrupt.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.94", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.12", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0"}, {"url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673"}, {"url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1"}], "title": "powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:15:22.000735Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:49.892Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.916Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.916Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:15:22.000735Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.382Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "13799748b957", "lessThan": "86f7e4239336", "versionType": "git"}, {"status": "affected", "version": "13799748b957", "lessThan": "6f097c24815e", "versionType": "git"}, {"status": "affected", "version": "13799748b957", "lessThan": "2ea31e2e62bb", "versionType": "git"}], "programFiles": ["arch/powerpc/kernel/interrupt.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.14"}, {"status": "unaffected", "version": "0", "lessThan": "5.14", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.94", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.12", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/powerpc/kernel/interrupt.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0"}, {"url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673"}, {"url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch\n\nThe RFI and STF security mitigation options can flip the\ninterrupt_exit_not_reentrant static branch condition concurrently with\nthe interrupt exit code which tests that branch.\n\nInterrupt exit tests this condition to set MSR[EE|RI] for exit, then\nagain in the case a soft-masked interrupt is found pending, to recover\nthe MSR so the interrupt can be replayed before attempting to exit\nagain. If the condition changes between these two tests, the MSR and irq\nsoft-mask state will become corrupted, leading to warnings and possible\ncrashes. For example, if the branch is initially true then false,\nMSR[EE] will be 0 but PACA_IRQ_HARD_DIS clear and EE may not get\nenabled, leading to warnings in irq_64.c."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:51:47.485Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52740", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:51:47.485Z", "dateReserved": "2024-05-21T15:19:24.233Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:23:03.201Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch\n\nThe RFI and STF security mitigation options can flip the\ninterrupt_exit_not_reentrant static branch condition concurrently with\nthe interrupt exit code which tests that branch.\n\nInterrupt exit tests this condition to set MSR[EE|RI] for exit, then\nagain in the case a soft-masked interrupt is found pending, to recover\nthe MSR so the interrupt can be replayed before attempting to exit\nagain. If the condition changes between these two tests, the MSR and irq\nsoft-mask state will become corrupted, leading to warnings and possible\ncrashes. For example, if the branch is initially true then false,\nMSR[EE] will be 0 but PACA_IRQ_HARD_DIS clear and EE may not get\nenabled, leading to warnings in irq_64.c."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/64s/interrupt: corrige la ejecuci\u00f3n de salida de interrupci\u00f3n con un interruptor de mitigaci\u00f3n de seguridad. Las opciones de mitigaci\u00f3n de seguridad RFI y STF pueden invertir la condici\u00f3n de rama est\u00e1tica interrupt_exit_not_reentrant al mismo tiempo que el c\u00f3digo de salida de interrupci\u00f3n que prueba esa rama. . La salida de interrupci\u00f3n prueba esta condici\u00f3n para configurar MSR[EE|RI] para la salida, luego nuevamente en el caso de que se encuentre pendiente una interrupci\u00f3n enmascarada, para recuperar el MSR para que la interrupci\u00f3n pueda reproducirse antes de intentar salir nuevamente. Si la condici\u00f3n cambia entre estas dos pruebas, el estado de la m\u00e1scara suave MSR e irq se da\u00f1ar\u00e1, lo que generar\u00e1 advertencias y posibles fallas. Por ejemplo, si la rama es inicialmente verdadera y luego falsa, MSR[EE] ser\u00e1 0 pero PACA_IRQ_HARD_DIS estar\u00e1 clara y es posible que EE no se habilite, lo que generar\u00e1 advertencias en irq_64.c."}], "id": "CVE-2023-52740", "lastModified": "2024-11-21T08:40:29.143", "metrics": {}, "published": "2024-05-21T16:15:13.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch", "id": "2282741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282741"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\npowerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch\nThe RFI and STF security mitigation options can flip the\ninterrupt_exit_not_reentrant static branch condition concurrently with\nthe interrupt exit code which tests that branch.\nInterrupt exit tests this condition to set MSR[EE|RI] for exit, then\nagain in the case a soft-masked interrupt is found pending, to recover\nthe MSR so the interrupt can be replayed before attempting to exit\nagain. If the condition changes between these two tests, the MSR and irq\nsoft-mask state will become corrupted, leading to warnings and possible\ncrashes. For example, if the branch is initially true then false,\nMSR[EE] will be 0 but PACA_IRQ_HARD_DIS clear and EE may not get\nenabled, leading to warnings in irq_64.c."], "name": "CVE-2023-52740", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52740\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52740\nhttps://lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52740-3265@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.94, kernel 6.1.12, kernel 6.2"}