cve-2023-52745
Vulnerability from cvelistv5
Published
2024-05-21 15:23
Modified
2024-11-04 14:51
Severity ?
Summary
IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
Impacted products
Vendor Product Version
Linux Linux Version: 5.4.229   
Version: 5.10.163   
Version: 5.15.86   
Version: 6.1.2   
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52745",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:37:28.815664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:34.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/ipoib/ipoib_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4a779187db39",
              "status": "affected",
              "version": "d4bf3fcccd18",
              "versionType": "git"
            },
            {
              "lessThan": "b1afb666c329",
              "status": "affected",
              "version": "d21714134505",
              "versionType": "git"
            },
            {
              "lessThan": "1b4ef90cbcfa",
              "status": "affected",
              "version": "ca48174a7643",
              "versionType": "git"
            },
            {
              "lessThan": "7197460dcd43",
              "status": "affected",
              "version": "ee0e9b2c4b9c",
              "versionType": "git"
            },
            {
              "lessThan": "e632291a2dbc",
              "status": "affected",
              "version": "dbc94a0fb817",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/ipoib/ipoib_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.4.232",
              "status": "affected",
              "version": "5.4.229",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.168",
              "status": "affected",
              "version": "5.10.163",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.94",
              "status": "affected",
              "version": "5.15.86",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.12",
              "status": "affected",
              "version": "6.1.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/IPoIB: Fix legacy IPoIB due to wrong number of queues\n\nThe cited commit creates child PKEY interfaces over netlink will\nmultiple tx and rx queues, but some devices doesn\u0027t support more than 1\ntx and 1 rx queues. This causes to a crash when traffic is sent over the\nPKEY interface due to the parent having a single queue but the child\nhaving multiple queues.\n\nThis patch fixes the number of queues to 1 for legacy IPoIB at the\nearliest possible point in time.\n\nBUG: kernel NULL pointer dereference, address: 000000000000036b\nPGD 0 P4D 0\nOops: 0000 [#1] SMP\nCPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:kmem_cache_alloc+0xcb/0x450\nCode: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a\n01 49 8b 3c 24 \u003c49\u003e 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b\nRSP: 0018:ffff88822acbbab8 EFLAGS: 00010202\nRAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae\nRDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00\nRBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40\nR10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000\nR13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000\nFS:  00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n skb_clone+0x55/0xd0\n ip6_finish_output2+0x3fe/0x690\n ip6_finish_output+0xfa/0x310\n ip6_send_skb+0x1e/0x60\n udp_v6_send_skb+0x1e5/0x420\n udpv6_sendmsg+0xb3c/0xe60\n ? ip_mc_finish_output+0x180/0x180\n ? __switch_to_asm+0x3a/0x60\n ? __switch_to_asm+0x34/0x60\n sock_sendmsg+0x33/0x40\n __sys_sendto+0x103/0x160\n ? _copy_to_user+0x21/0x30\n ? kvm_clock_get_cycles+0xd/0x10\n ? ktime_get_ts64+0x49/0xe0\n __x64_sys_sendto+0x25/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f9374f1ed14\nCode: 42 41 f8 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b\n7c 24 08 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 68 41 f8 ff 48 8b\nRSP: 002b:00007f9324ff7bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f9324ff7cc8 RCX: 00007f9374f1ed14\nRDX: 00000000000002fb RSI: 00007f93000052f0 RDI: 0000000000000030\nRBP: 0000000000000000 R08: 00007f9324ff7d40 R09: 000000000000001c\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\nR13: 000000012a05f200 R14: 0000000000000001 R15: 00007f9374d57bdc\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:51:53.382Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43"
        }
      ],
      "title": "IB/IPoIB: Fix legacy IPoIB due to wrong number of queues",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52745",
    "datePublished": "2024-05-21T15:23:06.595Z",
    "dateReserved": "2024-05-21T15:19:24.233Z",
    "dateUpdated": "2024-11-04T14:51:53.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52745\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:14.303\",\"lastModified\":\"2024-11-21T08:40:29.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nIB/IPoIB: Fix legacy IPoIB due to wrong number of queues\\n\\nThe cited commit creates child PKEY interfaces over netlink will\\nmultiple tx and rx queues, but some devices doesn\u0027t support more than 1\\ntx and 1 rx queues. This causes to a crash when traffic is sent over the\\nPKEY interface due to the parent having a single queue but the child\\nhaving multiple queues.\\n\\nThis patch fixes the number of queues to 1 for legacy IPoIB at the\\nearliest possible point in time.\\n\\nBUG: kernel NULL pointer dereference, address: 000000000000036b\\nPGD 0 P4D 0\\nOops: 0000 [#1] SMP\\nCPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\nRIP: 0010:kmem_cache_alloc+0xcb/0x450\\nCode: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a\\n01 49 8b 3c 24 \u003c49\u003e 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b\\nRSP: 0018:ffff88822acbbab8 EFLAGS: 00010202\\nRAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae\\nRDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00\\nRBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40\\nR10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000\\nR13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000\\nFS:  00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n \u003cTASK\u003e\\n skb_clone+0x55/0xd0\\n ip6_finish_output2+0x3fe/0x690\\n ip6_finish_output+0xfa/0x310\\n ip6_send_skb+0x1e/0x60\\n udp_v6_send_skb+0x1e5/0x420\\n udpv6_sendmsg+0xb3c/0xe60\\n ? ip_mc_finish_output+0x180/0x180\\n ? __switch_to_asm+0x3a/0x60\\n ? __switch_to_asm+0x34/0x60\\n sock_sendmsg+0x33/0x40\\n __sys_sendto+0x103/0x160\\n ? _copy_to_user+0x21/0x30\\n ? kvm_clock_get_cycles+0xd/0x10\\n ? ktime_get_ts64+0x49/0xe0\\n __x64_sys_sendto+0x25/0x30\\n do_syscall_64+0x3d/0x90\\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\\nRIP: 0033:0x7f9374f1ed14\\nCode: 42 41 f8 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b\\n7c 24 08 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 68 41 f8 ff 48 8b\\nRSP: 002b:00007f9324ff7bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c\\nRAX: ffffffffffffffda RBX: 00007f9324ff7cc8 RCX: 00007f9374f1ed14\\nRDX: 00000000000002fb RSI: 00007f93000052f0 RDI: 0000000000000030\\nRBP: 0000000000000000 R08: 00007f9324ff7d40 R09: 000000000000001c\\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\\nR13: 000000012a05f200 R14: 0000000000000001 R15: 00007f9374d57bdc\\n \u003c/TASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: IB/IPoIB: corrige el IPoIB heredado debido a un n\u00famero incorrecto de colas. La confirmaci\u00f3n citada crea interfaces PKEY secundarias a trav\u00e9s de netlink y tendr\u00e1 m\u00faltiples colas de transmisi\u00f3n y recepci\u00f3n, pero algunos dispositivos no admiten m\u00e1s de Colas 1 tx y 1 rx. Esto provoca un bloqueo cuando el tr\u00e1fico se env\u00eda a trav\u00e9s de la interfaz PKEY debido a que el padre tiene una sola cola pero el hijo tiene varias colas. Este parche fija el n\u00famero de colas en 1 para IPoIB heredado lo antes posible. ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 000000000000036b PGD 0 P4D 0 Ups: 0000 [#1] SMP CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1 Nombre de hardware: PC est\u00e1ndar (Q35 + ICH9, 2009 ), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 RIP: 0010:kmem_cache_alloc+0xcb/0x450 C\u00f3digo: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a 01 49 8b 3c 24 \u0026lt;49\u0026gt; 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 4 c0 74 b8 41 8b RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202 RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae RDX: 00000000064f8dad RSI: 00000a20 RDI: 0000000000030d00 RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40 R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000 R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000 FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0050033 CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 0DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas:  skb_clone+0x55/0xd0 ip6_finish_output2+0x3fe/0x690 ip6_finish_output+0xfa/0x310 _skb+0x1e/0x60 udp_v6_send_skb+0x1e5/0x420 udpv6_sendmsg+0xb3c/0xe60 ? ip_mc_finish_output+0x180/0x180? __switch_to_asm+0x3a/0x60? __switch_to_asm+0x34/0x60 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? _copy_to_user+0x21/0x30 ? kvm_clock_get_cycles+0xd/0x10? ktime_get_ts64+0x49/0xe0 __x64_sys_sendto+0x25/0x30 do_syscall_64+0x3d/0x90 Entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f9374f1ed14 C\u00f3digo: 42 41 f8 ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 68 41 f8 ff 48 8b RSP 002 b:00007f9324ff7bd0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f9324ff7cc8 RCX: 00007f9374f1ed14 RDX: 00000000000002fb RSI: 00007f93000052f0 RDI: 0000000000000030 RBP: 0000000000000000 R08: 00007f9324ff7d40 R09: 000000000000001c R10: 0000000000000000 R11: 00000000000000293 R 12: 0000000000000000 R13: 000000012a05f200 R14: 0000000000000001 R15: 00007f9374d57bdc \u0026lt; /TAREA\u0026gt;\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1b4ef90cbcfa603b3bb536fbd6f261197012b6f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4a779187db39b2f32d048a752573e56e4e77807f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/7197460dcd43ff0e4a502ba855dd82d37c2848cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b1afb666c32931667c15ad1b58e7203f0119dcaf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/e632291a2dbce45a24cddeb5fe28fe71d724ba43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.