Vulnerability-Lookup

BDU:2024-07834

Vulnerability from fstec - Published: 12.10.2023

Title

Уязвимость компонента x86/alternatives ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента x86/alternatives ядра операционной системы Linux связана с чтением за пределами границ памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт»

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Linux

Software Version

18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 22.04 LTS (Ubuntu), 4.7 (Astra Linux Special Edition), от 5.5 до 5.10.198 включительно (Linux), от 5.11 до 5.15.135 включительно (Linux), от 5.16 до 6.1.58 включительно (Linux), от 6.2 до 6.5.7 включительно (Linux), от 4.20 до 5.4.269 включительно (Linux), от 4.17 до 4.19.296 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52504-ebc5@gregkh/T/#u https://git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61 https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1 https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4 https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61 https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.59 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8 Для РедоС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-52504 Для Ubuntu: https://ubuntu.com/security/CVE-2023-52504 Для Astra Linux Special Edition 1.6 «Смоленск»:: - обновить пакет linux до 5.4.0-186.astra2+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 - обновить пакет linux-5.10 до 5.10.216-1.astra2+ci3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 - обновить пакет linux-5.15 до 5.15.0-111.astra2+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 Для Astra Linux Special Edition 4.7 для архитектуры ARM: - обновить пакет linux до 5.4.0-186.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 - обновить пакет linux-5.10 до 5.10.216-1.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 - обновить пакет linux-5.15 до 5.15.0-111.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 - обновить пакет linux-6.1 до 6.1.90-1.astra3+ci156 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52504 https://git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61 https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1 https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4 https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61 https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.59 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8 https://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52504-ebc5@gregkh/T/#u https://redos.red-soft.ru/support/secure/ https://security-tracker.debian.org/tracker/CVE-2023-52504 https://ubuntu.com/security/CVE-2023-52504 https://ubuntu.com/security/notices/USN-6831-1 https://ubuntu.com/security/notices/USN-6867-1 https://www.cve.org/CVERecord?id=CVE-2023-52504 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 22.04 LTS (Ubuntu), 4.7 (Astra Linux Special Edition), \u043e\u0442 5.5 \u0434\u043e 5.10.198 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.135 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.58 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.5.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.269 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.17 \u0434\u043e 4.19.296 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52504-ebc5@gregkh/T/#u\nhttps://git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61\nhttps://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae\nhttps://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1\nhttps://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b\nhttps://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e\nhttps://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4\nhttps://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61\nhttps://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.59\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u043e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-52504\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2023-52504\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-186.astra2+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.216-1.astra2+ci3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-111.astra2+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-186.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.216-1.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-111.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.90-1.astra3+ci156 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07834",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-52504",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Canonical Ltd. Ubuntu 22.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 4.19.297 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 5.10.199 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 5.15.136 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 5.4.270 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 6.1.59 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 6.5.8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.17 \u0434\u043e 6.6 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 x86/alternatives \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 x86/alternatives \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52504\nhttps://git.kernel.org/linus/d35652a5fc9944784f6f50a5c979518ff8dacf61\nhttps://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae\nhttps://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1\nhttps://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b\nhttps://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e\nhttps://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4\nhttps://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61\nhttps://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.297\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.199\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.59\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.8\nhttps://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52504-ebc5@gregkh/T/#u\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2023-52504\nhttps://ubuntu.com/security/CVE-2023-52504\nhttps://ubuntu.com/security/notices/USN-6831-1\nhttps://ubuntu.com/security/notices/USN-6867-1\nhttps://www.cve.org/CVERecord?id=CVE-2023-52504\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2023-52504 (GCVE-0-2023-52504)

Vulnerability from cvelistv5 – Published: 2024-03-02 21:52 – Updated: 2025-05-04 07:38

Title

x86/alternatives: Disable KASAN in apply_alternatives()

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives() Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled(). KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue. Fix it for real by disabling KASAN while the kernel is patching alternatives. [ mingo: updated the changelog ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3719d3c36aa853d5a…
	https://git.kernel.org/stable/c/3770c38cd6a60494d…
	https://git.kernel.org/stable/c/6788b10620ca6e985…
	https://git.kernel.org/stable/c/ecba5afe86f30605e…
	https://git.kernel.org/stable/c/5b784489c8158518b…
	https://git.kernel.org/stable/c/cd287cc208dfe6bd6…
	https://git.kernel.org/stable/c/d35652a5fc9944784…

Impacted products

Vendor

Product

Version

Linux

Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < 3719d3c36aa853d5a2401af9f8d6b116c91ad5ae (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < 3770c38cd6a60494da29ac2da73ff8156440a2d1 (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < 6788b10620ca6e98575d1e06e72a8974aad7657e (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < ecba5afe86f30605eb9dfb7f265a8de0218d4cfc (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < 5b784489c8158518bf7a466bb3cc045b0fb66b4b (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < cd287cc208dfe6bd6da98e7f88e723209242c9b4 (git)
Affected: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 , < d35652a5fc9944784f6f50a5c979518ff8dacf61 (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 4.19.297 , ≤ 4.19.* (semver)
Unaffected: 5.4.270 , ≤ 5.4.* (semver)
Unaffected: 5.10.199 , ≤ 5.10.* (semver)
Unaffected: 5.15.136 , ≤ 5.15.* (semver)
Unaffected: 6.1.59 , ≤ 6.1.* (semver)
Unaffected: 6.5.8 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52504",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T22:11:24.462038Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:02.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/alternative.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3719d3c36aa853d5a2401af9f8d6b116c91ad5ae",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "3770c38cd6a60494da29ac2da73ff8156440a2d1",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "6788b10620ca6e98575d1e06e72a8974aad7657e",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "ecba5afe86f30605eb9dfb7f265a8de0218d4cfc",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "5b784489c8158518bf7a466bb3cc045b0fb66b4b",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "cd287cc208dfe6bd6da98e7f88e723209242c9b4",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            },
            {
              "lessThan": "d35652a5fc9944784f6f50a5c979518ff8dacf61",
              "status": "affected",
              "version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/alternative.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.270",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.199",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.297",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.270",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.199",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.136",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.59",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.8",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:38:09.999Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"
        }
      ],
      "title": "x86/alternatives: Disable KASAN in apply_alternatives()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52504",
    "datePublished": "2024-03-02T21:52:18.500Z",
    "dateReserved": "2024-02-20T12:30:33.314Z",
    "dateUpdated": "2025-05-04T07:38:09.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-07834

CVE-2023-52504 (GCVE-0-2023-52504)

Tags

Sightings

Nomenclature