CVE-2023-52704

Summary

In the Linux kernel, the following vulnerability has been resolved:

freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL

Tetsuo-San noted that commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") broke call_usermodehelper_exec() for the KILLABLE case.

Specifically it was missed that the second, unconditional, wait_for_completion() was not optional and ensures the on-stack completion is unused before going out-of-scope.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf5d39b020809146cc28e6e73369bf8065e0310aa < 7f9f6c54da876b3f0bece2b569456ceb96965ed7affected
LinuxLinuxf5d39b020809146cc28e6e73369bf8065e0310aa < eedeb787ebb53de5c5dcf7b7b39d01bf1b0f037daffected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.13 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References