authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-05-13 15:12:48 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-05-13 15:12:48 +0200
commit1e6464c9df05d4dccc4f36735195371de36c798c (patch)
treecdf56c57ff62b9e20a5dfa7f08acc589de8ced58
parent9da0bcc326e6433b9618e61819ad0d6f61dffded (diff)
assigned CVE-2023-52656 based on a request.HEADmaster
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--cve/published/2023/CVE-2023-52656 (renamed from cve/reserved/2023/CVE-2023-52656)0
-rw-r--r--cve/published/2023/CVE-2023-52656.json138
-rw-r--r--cve/published/2023/CVE-2023-52656.mbox77
-rw-r--r--cve/published/2023/CVE-2023-52656.sha11
4 files changed, 216 insertions, 0 deletions
diff --git a/cve/reserved/2023/CVE-2023-52656 b/cve/published/2023/CVE-2023-52656
index e69de29b..e69de29b 100644
--- a/cve/reserved/2023/CVE-2023-52656
+++ b/cve/published/2023/CVE-2023-52656
diff --git a/cve/published/2023/CVE-2023-52656.json b/cve/published/2023/CVE-2023-52656.json
new file mode 100644
index 00000000..89032736
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52656.json
@@ -0,0 +1,138 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "cfb24022bb2c",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "a6771f343af9",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "d909d381c315",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "a3812a47a320",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "88c49d9c8961",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "6e5e6d274956",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.4.273",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.214",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.15.153",
+ "lessThanOrEqual": "5.15.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.1.83",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.7.11",
+ "lessThanOrEqual": "6.7.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "6.8",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
+ }
+ ],
+ "title": "io_uring: drop any code related to SCM_RIGHTS",
+ "x_generator": {
+ "engine": "bippy-d175d3acf727"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2023-52656",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
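Review bot: Every git-range entry in the first `affected` block uses `"version": "1da177e4c3f4"` as its lower bound, and the second block sets `"defaultStatus": "affected"` with no entry marking where the issue began, so the record states that every kernel older than each listed fix is affected. That lower bound is the first commit of the kernel's git history, which suggests the introducing commit was not identified rather than that the code has existed since then; io_uring arrived much later, so scanners that consume this record will probably flag kernels that never contained the code. If the introducing commit can be determined, it should replace `1da177e4c3f4` in each entry, and a matching `"status": "affected"` version entry should be added to the second block. The description also says only that dead code was removed and does not state the impact, so consumers cannot triage severity from this record alone; the same gap carries into the "Affected and fixed versions" list in CVE-2023-52656.mbox, which has only "Fixed in" lines.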
diff --git a/cve/published/2023/CVE-2023-52656.mbox b/cve/published/2023/CVE-2023-52656.mbox
new file mode 100644
index 00000000..e5424d90
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52656.mbox
@@ -0,0 +1,77 @@
+From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2023-52656: io_uring: drop any code related to SCM_RIGHTS
+Message-Id: <2024051338-CVE-2023-52656-6545@gregkh>
+Content-Length: 2135
+Lines: 60
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2196;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=cuE2FDg/b845KmVlNsXbN9ZQBnuQZx5q8+Cmglejmdc=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGlOgsd+az5PZjrXY8bw5E1skqeRvMH3epnojvIH+aaLn
+ q3w893dEcvCIMjEICumyPJlG8/R/RWHFL0MbU/DzGFlAhnCwMUpABN56sIwv+Kk0IfaiujajW7z
+ 21X+d566HdHMzzDfs1CpLPz+2u7KTO+YtWHrVJ/MKX0DAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+io_uring: drop any code related to SCM_RIGHTS
+
+This is dead code after we dropped support for passing io_uring fds
+over SCM_RIGHTS, get rid of it.
+
+The Linux kernel CVE team has assigned CVE-2023-52656 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Fixed in 5.4.273 with commit cfb24022bb2c
+ Fixed in 5.10.214 with commit a6771f343af9
+ Fixed in 5.15.153 with commit d909d381c315
+ Fixed in 6.1.83 with commit a3812a47a320
+ Fixed in 6.7.11 with commit 88c49d9c8961
+ Fixed in 6.8 with commit 6e5e6d274956
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2023-52656
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ include/linux/io_uring_types.h
+ io_uring/filetable.c
+ io_uring/io_uring.c
+ io_uring/rsrc.c
+ io_uring/rsrc.h
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3
+ https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02
+ https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4
+ https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b
+ https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89
+ https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb
diff --git a/cve/published/2023/CVE-2023-52656.sha1 b/cve/published/2023/CVE-2023-52656.sha1
new file mode 100644
index 00000000..7ecf4628
--- /dev/null
+++ b/cve/published/2023/CVE-2023-52656.sha1
@@ -0,0 +1 @@
+6e5e6d274956305f1fc0340522b38f5f5be74bdb