CVE-2023-53555

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: initialize damo_filter->list from damos_new_filter()

damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calling damos_new_filter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field just after the allocation from damos_new_filter().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux98def236f63c66629fb6b2d4b69cecffc5b46539 < da7beebb49c643cd03c54447ed66595936a7a1ceaffected
LinuxLinux98def236f63c66629fb6b2d4b69cecffc5b46539 < 5f1fc67f2cb8d3035d3acd273b48b97835af8afdaffected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.4.11 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

References