CVE-2023-52639

Summary

In the Linux kernel, the following vulnerability has been resolved:

KVM: s390: vsie: fix race during shadow creation

Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:

static int acquire_gmap_shadow(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) { […] gmap = gmap_shadow(vcpu->arch.gmap, asce, edat); if (IS_ERR(gmap)) return PTR_ERR(gmap); gmap->private = vcpu->kvm;

Let children inherit the private field of the parent.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa3508fbe9dc6dd3bece0c7bf889cc085a011738c < 5df3b81a567eb565029563f26f374ae3803a1dfcaffected
LinuxLinuxa3508fbe9dc6dd3bece0c7bf889cc085a011738c < f5572c0323cf8b4f1f0618178648a25b8fb8a380affected
LinuxLinuxa3508fbe9dc6dd3bece0c7bf889cc085a011738c < 28bb27824f25f36e5f80229a358d66ee09244082affected
LinuxLinuxa3508fbe9dc6dd3bece0c7bf889cc085a011738c < fe752331d4b361d43cfd0b89534b4b2176057c32affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux6.1.82 <= 6.1.*unaffected
LinuxLinux6.6.22 <= 6.6.*unaffected
LinuxLinux6.7.6 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References