CVE-2023-52615

Summary

In the Linux kernel, the following vulnerability has been resolved:

hwrng: core - Fix page fault dead lock on mmap-ed hwrng

There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks.

Fix this by using a stack buffer when calling copy_to_user.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < eafd83b92f6c044007a3591cbd476bcf90455990affected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < 5030d4c798863ccb266563201b341a099e8cdd48affected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < c6a8111aacbfe7a8a70f46cc0de8eed00561693caffected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < 26cc6d7006f922df6cc4389248032d955750b2a0affected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < aa8aa16ed9adf1df05bb339d588cf485a011839eaffected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < ecabe8cd456d3bf81e92c53b074732f3140f170daffected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < 6822a14271786150e178869f1495cc03e74c5029affected
LinuxLinux9996508b3353063f2d6c48c1a28a84543d72d70b < 78aafb3884f6bc6636efcc1760c891c8500b9922affected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux4.19.307 <= 4.19.*unaffected
LinuxLinux5.4.269 <= 5.4.*unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.76 <= 6.1.*unaffected
LinuxLinux6.6.15 <= 6.6.*unaffected
LinuxLinux6.7.3 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References