CVE-2023-53481
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
Following process will trigger an infinite loop in ubi_wl_put_peb():
ubifs_bgt ubi_bgt
ubifs_leb_unmap ubi_leb_unmap ubi_eba_unmap_leb ubi_wl_put_peb wear_leveling_worker e1 = rb_entry(rb_first(&ubi->used) e2 = get_peb_for_wl(ubi) ubi_io_read_vid_hdr // return err (flash fault) out_error: ubi->move_from = ubi->move_to = NULL wl_entry_destroy(ubi, e1) ubi->lookuptbl[e->pnum] = NULL retry: e = ubi->lookuptbl[pnum]; // return NULL if (e == ubi->move_from) { // NULL == NULL gets true goto retry; // infinite loop !!!
$ top PID USER PR NI VIRT RES SHR S %CPU %MEM COMMAND 7676 root 20 0 0 0 0 R 100.0 0.0 ubifs_bgt0_0
Fix it by:
- Letting ubi_wl_put_peb() returns directly if wearl leveling entry has been removed from 'ubi->lookuptbl'.
- Using 'ubi->wl_lock' protecting wl entry deletion to preventing an use-after-free problem for wl entry in ubi_wl_put_peb().
Fetch a reproducer in [Link].
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < b40d2fbf47af58377e898b5062077a47bb28a132 | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < f006f596fe851c3b6aae60b79f89f89f0e515d2f | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < b5be23f6ae610bdb262160a1f294afee6d0e6a69 | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < 8a18856e074479bd050b01e688c58defadce7ab0 | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < 3afaaf6f5867dc4ad383808d4053f428ec7b867d | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < cc4bc532acda66189bddc03b3fe1ad689d9a48a2 | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < 5af1c643184a5d09ff5b3f334077a4d0a163c677 | affected |
| Linux | Linux | 43f9b25a9cdd7b177f77f026b1461abd1abbd174 < 4d57a7333e26040f2b583983e1970d9d460e56b0 | affected |
| Linux | Linux | 2.6.25 | affected |
| Linux | Linux | 0 < 2.6.25 | unaffected |
| Linux | Linux | 4.14.308 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.276 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.235 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.173 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.100 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.18 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.5 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b40d2fbf47af58377e898b5062077a47bb28a132
- https://git.kernel.org/stable/c/f006f596fe851c3b6aae60b79f89f89f0e515d2f
- https://git.kernel.org/stable/c/b5be23f6ae610bdb262160a1f294afee6d0e6a69
- https://git.kernel.org/stable/c/8a18856e074479bd050b01e688c58defadce7ab0
- https://git.kernel.org/stable/c/3afaaf6f5867dc4ad383808d4053f428ec7b867d
- https://git.kernel.org/stable/c/cc4bc532acda66189bddc03b3fe1ad689d9a48a2
- https://git.kernel.org/stable/c/5af1c643184a5d09ff5b3f334077a4d0a163c677
- https://git.kernel.org/stable/c/4d57a7333e26040f2b583983e1970d9d460e56b0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.