CVE-2023-52940

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm: multi-gen LRU: fix crash during cgroup migration

lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This isn't true for the following scenario:

CPU 1                         CPU 2

clone() cgroup_can_fork() cgroup_procs_write() cgroup_post_fork() task_lock() lru_gen_migrate_mm() task_unlock() task_lock() lru_gen_add_mm() task_unlock()

And when the above happens, kernel crashes because of linked list corruption (mm_struct->lru_gen.list).

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbd74fdaea146029e4fa12c6de89adbe0779348a9 < 04448022311cebd30969d3aebdde765f1258b360affected
LinuxLinuxbd74fdaea146029e4fa12c6de89adbe0779348a9 < de08eaa6156405f2e9369f06ba5afae0e4ab3b62affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.11 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References