CVE-2023-53491

Summary

In the Linux kernel, the following vulnerability has been resolved:

start_kernel: Add __no_stack_protector function attribute

Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") we discussed the need for a function attribute to control the omission of stack protectors on a per-function basis; at the time Clang had support for no_stack_protector but GCC did not. This was fixed in gcc-11. Now that the function attribute is available, let's start using it.

Callers of boot_init_stack_canary need to use this function attribute unless they're compiled with -fno-stack-protector, otherwise the canary stored in the stack slot of the caller will differ upon the call to boot_init_stack_canary. This will lead to a call to __stack_chk_fail() then panic.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux420594296838fdc9a674470d710cda7d1487f9f4 < 25e73018b4093e0cfbcec5dc4a4bb86d0b69ed56affected
LinuxLinux420594296838fdc9a674470d710cda7d1487f9f4 < 514ca14ed5444b911de59ed3381dfd195d99fe4baffected
LinuxLinux2.6.30affected
LinuxLinux0 < 2.6.30unaffected
LinuxLinux6.4.4 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References