#VU92053 Improper locking in Linux kernel - CVE-2023-52474

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.

Remediation

External links

• https://git.kernel.org/stable/c/9c4c6512d7330b743c4ffd18bd999a86ca26db0d
• https://git.kernel.org/stable/c/a2bd706ab63509793b5cd5065e685b7ef5cba678
• https://git.kernel.org/stable/c/dce59b5443700fbd0d2433ec6e4d4cf063448844
• https://git.kernel.org/stable/c/c76cb8f4bdf26d04cfa5485a93ce297dba5e6a80
• https://git.kernel.org/stable/c/7e6010f79b58f45b204cf18aa58f4b73c3f30adc
• https://git.kernel.org/stable/c/00cbce5cbf88459cd1aa1d60d0f1df15477df127
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.180
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.111
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.28
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4