CVE-2023-52699

Summary

In the Linux kernel, the following vulnerability has been resolved:

sysv: don't call sb_bread() with pointers_lock held

syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held.

A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.

Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit).

Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 13b33feb2ebddc2b1aa607f553566b18a4af1d76affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1b4fe801b5bedec2b622ddb18e5c9bf26c63d79faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 674c1c4229e743070e09db63a23442950ff000d1affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fd203d2c671bdee9ab77090ff394d3b71b627927affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 53cb1e52c9db618c08335984d1ca80db220ccf09affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 89e8524135a3902e7563a5a59b7b5ec1bf4904acaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a69224223746ab96d43e5db9d22d136827b7e2d3affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f123dc86388cb669c3d6322702dc441abc35c31eaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.312 <= 4.19.*unaffected
LinuxLinux5.4.274 <= 5.4.*unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.155 <= 5.15.*unaffected
LinuxLinux6.1.86 <= 6.1.*unaffected
LinuxLinux6.6.27 <= 6.6.*unaffected
LinuxLinux6.8.6 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References