cvelistv5 - cve-2023-53642

CVE-2023-53642 (GCVE-0-2023-53642)

Vulnerability from cvelistv5

Published

2025-10-07 15:19

Modified

2025-10-10 16:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: x86: fix clear_user_rep_good() exception handling annotation This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") upstream. However, rather than backport the full range of x86 memory clearing and copying cleanups, fix the exception table annotation placement for the final 'rep movsb' in clear_user_rep_good(): rather than pointing at the actual instruction that did the user space access, it pointed to the register move just before it. That made sense from a code flow standpoint, but not from an actual usage standpoint: it means that if user access takes an exception, the exception handler won't actually find the instruction in the exception tables. As a result, rather than fixing it up and returning -EFAULT, it would then turn it into a kernel oops report instead, something like: BUG: unable to handle page fault for address: 0000000020081000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page ... RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147 ... Call Trace: __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline] clear_user arch/x86/include/asm/uaccess_64.h:124 [inline] iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800 iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline] iomap_dio_iter fs/iomap/direct-io.c:440 [inline] __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601 iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689 ext4_dio_read_iter fs/ext4/file.c:94 [inline] ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145 call_read_iter include/linux/fs.h:2183 [inline] do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733 do_iter_read+0x2f2/0x750 fs/read_write.c:796 vfs_readv+0xe5/0x150 fs/read_write.c:916 do_preadv+0x1b6/0x270 fs/read_write.c:1008 __do_sys_preadv2 fs/read_write.c:1070 [inline] __se_sys_preadv2 fs/read_write.c:1061 [inline] __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd which then looks like a filesystem bug rather than the incorrect exception annotation that it is. [ The alternative to this one-liner fix is to take the upstream series that cleans this all up: 68674f94ffc9 ("x86: don't use REP_GOOD or ERMS for small memory copies") 20f3337d350c ("x86: don't use REP_GOOD or ERMS for small memory clearing") adfcf4231b8c ("x86: don't use REP_GOOD or ERMS for user memory copies") * d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") 3639a535587d ("x86: move stac/clac from user copy routines into callers") 577e6a7fd50d ("x86: inline the 'rep movs' in user copies for the FSRM case") 8c9b6a88b7e2 ("x86: improve on the non-rep 'clear_user' function") 427fda2c8a49 ("x86: improve on the non-rep 'copy_user' function") * e046fe5a36a9 ("x86: set FSRS automatically on AMD CPUs that have FSRM") e1f2750edc4a ("x86: remove 'zerorest' argument from __copy_user_nocache()") 034ff37d3407 ("x86: rewrite '__copy_user_nocache' function") with either the whole series or at a minimum the two marked commits being needed to fix this issue ]

References

URL

wid-sec-w-2025-2229

Vulnerability from csaf_certbund

Published

2025-10-07 22:00

Modified

2025-11-20 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und andere nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und andere nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2229 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2229.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2229 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2229"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50509",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100755-CVE-2022-50509-e40c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50510",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2022-50510-c055@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50511",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2022-50511-5d8d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50512",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2022-50512-f95b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50513",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2022-50513-8fee@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50514",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2022-50514-cca3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50515",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2022-50515-fff8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50516",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2022-50516-3b07@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50517",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2022-50517-6166@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50518",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2022-50518-0bf9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50519",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2022-50519-4c44@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50520",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2022-50520-9faa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50521",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2022-50521-fd26@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50522",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2022-50522-fb63@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50523",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2022-50523-d569@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50524",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2022-50524-f437@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50525",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2022-50525-e70b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50526",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2022-50526-abd9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50527",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2022-50527-de17@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50528",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2022-50528-1d20@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50529",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2022-50529-d55b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50530",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2022-50530-ef6b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50531",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2022-50531-a29b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50532",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2022-50532-430b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50533",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2022-50533-7dfc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50534",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2022-50534-8900@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50535",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100753-CVE-2022-50535-a9a9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50536",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100754-CVE-2022-50536-baea@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50537",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100754-CVE-2022-50537-897a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50538",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100754-CVE-2022-50538-3f3d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50539",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100755-CVE-2022-50539-4f53@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50540",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100755-CVE-2022-50540-46a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50541",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100756-CVE-2022-50541-e1fe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50542",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100756-CVE-2022-50542-e0eb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50543",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100756-CVE-2022-50543-597d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50544",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100757-CVE-2022-50544-f012@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50545",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100757-CVE-2022-50545-f879@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50546",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100757-CVE-2022-50546-ef71@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50547",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100758-CVE-2022-50547-5bb8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50548",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100758-CVE-2022-50548-5721@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50549",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100758-CVE-2022-50549-cb07@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50550",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50550-7147@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50551",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50551-7398@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50552",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50552-5100@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50553",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100700-CVE-2022-50553-8917@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50554",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100700-CVE-2022-50554-f4fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2022-50555",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100700-CVE-2022-50555-18e1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53617",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53617-909b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53618",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53618-7074@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53619",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53619-03f0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53620",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53620-3924@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53621",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53621-b6f9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53622",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53622-2f9b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53623",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53623-2687@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53624",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53624-7a7c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53625",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53625-3f41@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53626",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53626-24ed@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53627",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53627-aaa6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53628",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53628-a5b2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53629",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53629-042c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53630",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53630-4242@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53631",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100713-CVE-2023-53631-0542@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53632",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100713-CVE-2023-53632-d2de@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53633",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100713-CVE-2023-53633-0983@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53634",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100714-CVE-2023-53634-8155@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53635",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100714-CVE-2023-53635-de6f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53636",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100714-CVE-2023-53636-20bd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53637",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100715-CVE-2023-53637-32c9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53638",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100715-CVE-2023-53638-ded7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53639",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100715-CVE-2023-53639-2919@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53640",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100715-CVE-2023-53640-3db3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53641",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100716-CVE-2023-53641-ed0e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53642",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100716-CVE-2023-53642-a8f8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53643",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100716-CVE-2023-53643-4725@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53644",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100717-CVE-2023-53644-efaa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53645",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100717-CVE-2023-53645-6c08@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53646",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100717-CVE-2023-53646-c40e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53647",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53647-c01f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53648",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53648-3c04@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53649",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53649-0a4a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53650",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53650-4628@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53651",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100719-CVE-2023-53651-c6c7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53652",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100719-CVE-2023-53652-d67a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53653",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100719-CVE-2023-53653-6f54@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53654",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100720-CVE-2023-53654-dcad@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53655",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53655-d389@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53656",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53656-1a7b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53657",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53657-d0c7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53658",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53658-3680@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53659",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2023-53659-8f24@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53660",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2023-53660-92d3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53661",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100702-CVE-2023-53661-6142@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53662",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2023-53662-475f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53663",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2023-53663-0a4e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53664",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2023-53664-a38d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53665",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2023-53665-3411@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53666",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2023-53666-62bb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53667",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100704-CVE-2023-53667-9b2e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53668",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53668-b06b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53669",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53669-f81f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53670",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53670-46fe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53671",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53671-a34e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53672",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53672-cfad@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53673",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53673-36b9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53674",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53674-af85@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53675",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2023-53675-e7ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53676",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2023-53676-e7fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53677",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2023-53677-1cc8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53678",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53678-b370@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53679",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53679-929a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53680",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53680-501d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53681-7a5a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53682",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53682-10e4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53683",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53683-249f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53684",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53684-db58@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53685",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53685-68d1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53686",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53686-f117@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2023-53687",
        "url": "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53687-c50c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3075 vom 2025-11-11",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3075.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-110 vom 2025-11-11",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-110.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-114 vom 2025-11-11",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-114.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4057-1 vom 2025-11-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023254.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4111-1 vom 2025-11-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023294.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4135-1 vom 2025-11-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023300.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4128-1 vom 2025-11-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023299.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4132-1 vom 2025-11-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023302.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4139-1 vom 2025-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023306.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4141-1 vom 2025-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023304.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4140-1 vom 2025-11-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023305.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4149-1 vom 2025-11-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023309.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-20T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-21T08:23:32.570+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2229",
      "initial_release_date": "2025-10-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-32037, EUVD-2025-32011, EUVD-2025-32012, EUVD-2025-32013, EUVD-2025-32021, EUVD-2025-32022, EUVD-2025-32023, EUVD-2025-32031, EUVD-2025-32032, EUVD-2025-32033, EUVD-2025-32035, EUVD-2025-32036, EUVD-2025-32038, EUVD-2025-32039, EUVD-2025-32040, EUVD-2025-32041, EUVD-2025-32042, EUVD-2025-32043, EUVD-2025-32044, EUVD-2025-32045, EUVD-2025-32046, EUVD-2025-32047, EUVD-2025-32051, EUVD-2025-32052, EUVD-2025-32014, EUVD-2025-32015, EUVD-2025-32016, EUVD-2025-32017, EUVD-2025-32018, EUVD-2025-32019, EUVD-2025-32020, EUVD-2025-32005, EUVD-2025-32006, EUVD-2025-32007, EUVD-2025-32008, EUVD-2025-32009, EUVD-2025-32010"
        },
        {
          "date": "2025-11-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-16T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-20T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T047475",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50509",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50509"
    },
    {
      "cve": "CVE-2022-50510",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50510"
    },
    {
      "cve": "CVE-2022-50511",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50511"
    },
    {
      "cve": "CVE-2022-50512",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50512"
    },
    {
      "cve": "CVE-2022-50513",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50513"
    },
    {
      "cve": "CVE-2022-50514",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50514"
    },
    {
      "cve": "CVE-2022-50515",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50515"
    },
    {
      "cve": "CVE-2022-50516",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50516"
    },
    {
      "cve": "CVE-2022-50517",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50517"
    },
    {
      "cve": "CVE-2022-50518",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50518"
    },
    {
      "cve": "CVE-2022-50519",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50519"
    },
    {
      "cve": "CVE-2022-50520",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50520"
    },
    {
      "cve": "CVE-2022-50521",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50521"
    },
    {
      "cve": "CVE-2022-50522",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50522"
    },
    {
      "cve": "CVE-2022-50523",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50523"
    },
    {
      "cve": "CVE-2022-50524",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50524"
    },
    {
      "cve": "CVE-2022-50525",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50525"
    },
    {
      "cve": "CVE-2022-50526",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50526"
    },
    {
      "cve": "CVE-2022-50527",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50527"
    },
    {
      "cve": "CVE-2022-50528",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50528"
    },
    {
      "cve": "CVE-2022-50529",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50529"
    },
    {
      "cve": "CVE-2022-50530",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50530"
    },
    {
      "cve": "CVE-2022-50531",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50531"
    },
    {
      "cve": "CVE-2022-50532",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50532"
    },
    {
      "cve": "CVE-2022-50533",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50533"
    },
    {
      "cve": "CVE-2022-50534",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50534"
    },
    {
      "cve": "CVE-2022-50535",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50535"
    },
    {
      "cve": "CVE-2022-50536",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50536"
    },
    {
      "cve": "CVE-2022-50537",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50537"
    },
    {
      "cve": "CVE-2022-50538",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50538"
    },
    {
      "cve": "CVE-2022-50539",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50539"
    },
    {
      "cve": "CVE-2022-50540",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50540"
    },
    {
      "cve": "CVE-2022-50541",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50541"
    },
    {
      "cve": "CVE-2022-50542",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50542"
    },
    {
      "cve": "CVE-2022-50543",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50543"
    },
    {
      "cve": "CVE-2022-50544",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50544"
    },
    {
      "cve": "CVE-2022-50545",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50545"
    },
    {
      "cve": "CVE-2022-50546",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50546"
    },
    {
      "cve": "CVE-2022-50547",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50547"
    },
    {
      "cve": "CVE-2022-50548",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50548"
    },
    {
      "cve": "CVE-2022-50549",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50549"
    },
    {
      "cve": "CVE-2022-50550",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50550"
    },
    {
      "cve": "CVE-2022-50551",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50551"
    },
    {
      "cve": "CVE-2022-50552",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50552"
    },
    {
      "cve": "CVE-2022-50553",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50553"
    },
    {
      "cve": "CVE-2022-50554",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50554"
    },
    {
      "cve": "CVE-2022-50555",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2022-50555"
    },
    {
      "cve": "CVE-2023-3773",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-3773"
    },
    {
      "cve": "CVE-2023-53617",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53617"
    },
    {
      "cve": "CVE-2023-53618",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53618"
    },
    {
      "cve": "CVE-2023-53619",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53619"
    },
    {
      "cve": "CVE-2023-53620",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53620"
    },
    {
      "cve": "CVE-2023-53621",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53621"
    },
    {
      "cve": "CVE-2023-53622",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53622"
    },
    {
      "cve": "CVE-2023-53623",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53623"
    },
    {
      "cve": "CVE-2023-53624",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53624"
    },
    {
      "cve": "CVE-2023-53625",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53625"
    },
    {
      "cve": "CVE-2023-53626",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53626"
    },
    {
      "cve": "CVE-2023-53627",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53627"
    },
    {
      "cve": "CVE-2023-53628",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53628"
    },
    {
      "cve": "CVE-2023-53629",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53629"
    },
    {
      "cve": "CVE-2023-53630",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53630"
    },
    {
      "cve": "CVE-2023-53631",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53631"
    },
    {
      "cve": "CVE-2023-53632",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53632"
    },
    {
      "cve": "CVE-2023-53633",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53633"
    },
    {
      "cve": "CVE-2023-53634",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53634"
    },
    {
      "cve": "CVE-2023-53635",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53635"
    },
    {
      "cve": "CVE-2023-53636",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53636"
    },
    {
      "cve": "CVE-2023-53637",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53637"
    },
    {
      "cve": "CVE-2023-53638",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53638"
    },
    {
      "cve": "CVE-2023-53639",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53639"
    },
    {
      "cve": "CVE-2023-53640",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53640"
    },
    {
      "cve": "CVE-2023-53641",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53641"
    },
    {
      "cve": "CVE-2023-53642",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53642"
    },
    {
      "cve": "CVE-2023-53643",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53643"
    },
    {
      "cve": "CVE-2023-53644",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53644"
    },
    {
      "cve": "CVE-2023-53645",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53645"
    },
    {
      "cve": "CVE-2023-53646",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53646"
    },
    {
      "cve": "CVE-2023-53647",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53647"
    },
    {
      "cve": "CVE-2023-53648",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53648"
    },
    {
      "cve": "CVE-2023-53649",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53649"
    },
    {
      "cve": "CVE-2023-53650",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53650"
    },
    {
      "cve": "CVE-2023-53651",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53651"
    },
    {
      "cve": "CVE-2023-53652",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53652"
    },
    {
      "cve": "CVE-2023-53653",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53653"
    },
    {
      "cve": "CVE-2023-53654",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53654"
    },
    {
      "cve": "CVE-2023-53655",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53655"
    },
    {
      "cve": "CVE-2023-53656",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53656"
    },
    {
      "cve": "CVE-2023-53657",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53657"
    },
    {
      "cve": "CVE-2023-53658",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53658"
    },
    {
      "cve": "CVE-2023-53659",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53659"
    },
    {
      "cve": "CVE-2023-53660",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53660"
    },
    {
      "cve": "CVE-2023-53661",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53661"
    },
    {
      "cve": "CVE-2023-53662",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53662"
    },
    {
      "cve": "CVE-2023-53663",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53663"
    },
    {
      "cve": "CVE-2023-53664",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53664"
    },
    {
      "cve": "CVE-2023-53665",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53665"
    },
    {
      "cve": "CVE-2023-53666",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53666"
    },
    {
      "cve": "CVE-2023-53667",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53667"
    },
    {
      "cve": "CVE-2023-53668",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53668"
    },
    {
      "cve": "CVE-2023-53669",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53669"
    },
    {
      "cve": "CVE-2023-53670",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53670"
    },
    {
      "cve": "CVE-2023-53671",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53671"
    },
    {
      "cve": "CVE-2023-53672",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53672"
    },
    {
      "cve": "CVE-2023-53673",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53673"
    },
    {
      "cve": "CVE-2023-53674",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53674"
    },
    {
      "cve": "CVE-2023-53675",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53675"
    },
    {
      "cve": "CVE-2023-53676",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53676"
    },
    {
      "cve": "CVE-2023-53677",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53677"
    },
    {
      "cve": "CVE-2023-53678",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53678"
    },
    {
      "cve": "CVE-2023-53679",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53679"
    },
    {
      "cve": "CVE-2023-53680",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53680"
    },
    {
      "cve": "CVE-2023-53681",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53681"
    },
    {
      "cve": "CVE-2023-53682",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53682"
    },
    {
      "cve": "CVE-2023-53683",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53683"
    },
    {
      "cve": "CVE-2023-53684",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53684"
    },
    {
      "cve": "CVE-2023-53685",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53685"
    },
    {
      "cve": "CVE-2023-53686",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53686"
    },
    {
      "cve": "CVE-2023-53687",
      "product_status": {
        "known_affected": [
          "T002207",
          "T047475",
          "398363"
        ]
      },
      "release_date": "2025-10-07T22:00:00.000+00:00",
      "title": "CVE-2023-53687"
    }
  ]
}

ghsa-h9cf-c7q8-gcqh

Vulnerability from github

Published

2025-10-07 18:31

Modified

2025-10-10 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

x86: fix clear_user_rep_good() exception handling annotation

This code no longer exists in mainline, because it was removed in commit d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") upstream.

However, rather than backport the full range of x86 memory clearing and copying cleanups, fix the exception table annotation placement for the final 'rep movsb' in clear_user_rep_good(): rather than pointing at the actual instruction that did the user space access, it pointed to the register move just before it.

That made sense from a code flow standpoint, but not from an actual usage standpoint: it means that if user access takes an exception, the exception handler won't actually find the instruction in the exception tables.

As a result, rather than fixing it up and returning -EFAULT, it would then turn it into a kernel oops report instead, something like:

BUG: unable to handle page fault for address: 0000000020081000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
...
RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147
...
Call Trace:
  __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline]
  clear_user arch/x86/include/asm/uaccess_64.h:124 [inline]
  iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800
  iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline]
  iomap_dio_iter fs/iomap/direct-io.c:440 [inline]
  __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601
  iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689
  ext4_dio_read_iter fs/ext4/file.c:94 [inline]
  ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145
  call_read_iter include/linux/fs.h:2183 [inline]
  do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733
  do_iter_read+0x2f2/0x750 fs/read_write.c:796
  vfs_readv+0xe5/0x150 fs/read_write.c:916
  do_preadv+0x1b6/0x270 fs/read_write.c:1008
  __do_sys_preadv2 fs/read_write.c:1070 [inline]
  __se_sys_preadv2 fs/read_write.c:1061 [inline]
  __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061
  do_syscall_x64 arch/x86/entry/common.c:50 [inline]
  do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
  entry_SYSCALL_64_after_hwframe+0x63/0xcd

which then looks like a filesystem bug rather than the incorrect exception annotation that it is.

[ The alternative to this one-liner fix is to take the upstream series that cleans this all up:

68674f94ffc9 ("x86: don't use REP_GOOD or ERMS for small memory copies")
20f3337d350c ("x86: don't use REP_GOOD or ERMS for small memory clearing")
adfcf4231b8c ("x86: don't use REP_GOOD or ERMS for user memory copies")

d2c95f9d6802 ("x86: don't use REP_GOOD or ERMS for user memory clearing") 3639a535587d ("x86: move stac/clac from user copy routines into callers") 577e6a7fd50d ("x86: inline the 'rep movs' in user copies for the FSRM case") 8c9b6a88b7e2 ("x86: improve on the non-rep 'clear_user' function") 427fda2c8a49 ("x86: improve on the non-rep 'copy_user' function")
e046fe5a36a9 ("x86: set FSRS automatically on AMD CPUs that have FSRM") e1f2750edc4a ("x86: remove 'zerorest' argument from __copy_user_nocache()") 034ff37d3407 ("x86: rewrite '__copy_user_nocache' function")

with either the whole series or at a minimum the two marked commits being needed to fix this issue ]

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53642"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T16:15:47Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix clear_user_rep_good() exception handling annotation\n\nThis code no longer exists in mainline, because it was removed in\ncommit d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory\nclearing\") upstream.\n\nHowever, rather than backport the full range of x86 memory clearing and\ncopying cleanups, fix the exception table annotation placement for the\nfinal \u0027rep movsb\u0027 in clear_user_rep_good(): rather than pointing at the\nactual instruction that did the user space access, it pointed to the\nregister move just before it.\n\nThat made sense from a code flow standpoint, but not from an actual\nusage standpoint: it means that if user access takes an exception, the\nexception handler won\u0027t actually find the instruction in the exception\ntables.\n\nAs a result, rather than fixing it up and returning -EFAULT, it would\nthen turn it into a kernel oops report instead, something like:\n\n    BUG: unable to handle page fault for address: 0000000020081000\n    #PF: supervisor write access in kernel mode\n    #PF: error_code(0x0002) - not-present page\n    ...\n    RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147\n    ...\n    Call Trace:\n      __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline]\n      clear_user arch/x86/include/asm/uaccess_64.h:124 [inline]\n      iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800\n      iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline]\n      iomap_dio_iter fs/iomap/direct-io.c:440 [inline]\n      __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601\n      iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689\n      ext4_dio_read_iter fs/ext4/file.c:94 [inline]\n      ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145\n      call_read_iter include/linux/fs.h:2183 [inline]\n      do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733\n      do_iter_read+0x2f2/0x750 fs/read_write.c:796\n      vfs_readv+0xe5/0x150 fs/read_write.c:916\n      do_preadv+0x1b6/0x270 fs/read_write.c:1008\n      __do_sys_preadv2 fs/read_write.c:1070 [inline]\n      __se_sys_preadv2 fs/read_write.c:1061 [inline]\n      __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061\n      do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n      do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n      entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nwhich then looks like a filesystem bug rather than the incorrect\nexception annotation that it is.\n\n[ The alternative to this one-liner fix is to take the upstream series\n  that cleans this all up:\n\n    68674f94ffc9 (\"x86: don\u0027t use REP_GOOD or ERMS for small memory copies\")\n    20f3337d350c (\"x86: don\u0027t use REP_GOOD or ERMS for small memory clearing\")\n    adfcf4231b8c (\"x86: don\u0027t use REP_GOOD or ERMS for user memory copies\")\n  * d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory clearing\")\n    3639a535587d (\"x86: move stac/clac from user copy routines into callers\")\n    577e6a7fd50d (\"x86: inline the \u0027rep movs\u0027 in user copies for the FSRM case\")\n    8c9b6a88b7e2 (\"x86: improve on the non-rep \u0027clear_user\u0027 function\")\n    427fda2c8a49 (\"x86: improve on the non-rep \u0027copy_user\u0027 function\")\n  * e046fe5a36a9 (\"x86: set FSRS automatically on AMD CPUs that have FSRM\")\n    e1f2750edc4a (\"x86: remove \u0027zerorest\u0027 argument from __copy_user_nocache()\")\n    034ff37d3407 (\"x86: rewrite \u0027__copy_user_nocache\u0027 function\")\n\n  with either the whole series or at a minimum the two marked commits\n  being needed to fix this issue ]",
  "id": "GHSA-h9cf-c7q8-gcqh",
  "modified": "2025-10-10T18:31:20Z",
  "published": "2025-10-07T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53642"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76ce32682635fe907e0f8e64e039e773e5c7508f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e046fe5a36a970bc14fbfbcb2074a48776f6b671"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2023-53642

Vulnerability from fkie_nvd

Published

2025-10-07 16:15

Modified

2025-10-10 16:15

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/76ce32682635fe907e0f8e64e039e773e5c7508f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/e046fe5a36a970bc14fbfbcb2074a48776f6b671

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix clear_user_rep_good() exception handling annotation\n\nThis code no longer exists in mainline, because it was removed in\ncommit d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory\nclearing\") upstream.\n\nHowever, rather than backport the full range of x86 memory clearing and\ncopying cleanups, fix the exception table annotation placement for the\nfinal \u0027rep movsb\u0027 in clear_user_rep_good(): rather than pointing at the\nactual instruction that did the user space access, it pointed to the\nregister move just before it.\n\nThat made sense from a code flow standpoint, but not from an actual\nusage standpoint: it means that if user access takes an exception, the\nexception handler won\u0027t actually find the instruction in the exception\ntables.\n\nAs a result, rather than fixing it up and returning -EFAULT, it would\nthen turn it into a kernel oops report instead, something like:\n\n    BUG: unable to handle page fault for address: 0000000020081000\n    #PF: supervisor write access in kernel mode\n    #PF: error_code(0x0002) - not-present page\n    ...\n    RIP: 0010:clear_user_rep_good+0x1c/0x30 arch/x86/lib/clear_page_64.S:147\n    ...\n    Call Trace:\n      __clear_user arch/x86/include/asm/uaccess_64.h:103 [inline]\n      clear_user arch/x86/include/asm/uaccess_64.h:124 [inline]\n      iov_iter_zero+0x709/0x1290 lib/iov_iter.c:800\n      iomap_dio_hole_iter fs/iomap/direct-io.c:389 [inline]\n      iomap_dio_iter fs/iomap/direct-io.c:440 [inline]\n      __iomap_dio_rw+0xe3d/0x1cd0 fs/iomap/direct-io.c:601\n      iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:689\n      ext4_dio_read_iter fs/ext4/file.c:94 [inline]\n      ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145\n      call_read_iter include/linux/fs.h:2183 [inline]\n      do_iter_readv_writev+0x2e0/0x3b0 fs/read_write.c:733\n      do_iter_read+0x2f2/0x750 fs/read_write.c:796\n      vfs_readv+0xe5/0x150 fs/read_write.c:916\n      do_preadv+0x1b6/0x270 fs/read_write.c:1008\n      __do_sys_preadv2 fs/read_write.c:1070 [inline]\n      __se_sys_preadv2 fs/read_write.c:1061 [inline]\n      __x64_sys_preadv2+0xef/0x150 fs/read_write.c:1061\n      do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n      do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n      entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nwhich then looks like a filesystem bug rather than the incorrect\nexception annotation that it is.\n\n[ The alternative to this one-liner fix is to take the upstream series\n  that cleans this all up:\n\n    68674f94ffc9 (\"x86: don\u0027t use REP_GOOD or ERMS for small memory copies\")\n    20f3337d350c (\"x86: don\u0027t use REP_GOOD or ERMS for small memory clearing\")\n    adfcf4231b8c (\"x86: don\u0027t use REP_GOOD or ERMS for user memory copies\")\n  * d2c95f9d6802 (\"x86: don\u0027t use REP_GOOD or ERMS for user memory clearing\")\n    3639a535587d (\"x86: move stac/clac from user copy routines into callers\")\n    577e6a7fd50d (\"x86: inline the \u0027rep movs\u0027 in user copies for the FSRM case\")\n    8c9b6a88b7e2 (\"x86: improve on the non-rep \u0027clear_user\u0027 function\")\n    427fda2c8a49 (\"x86: improve on the non-rep \u0027copy_user\u0027 function\")\n  * e046fe5a36a9 (\"x86: set FSRS automatically on AMD CPUs that have FSRM\")\n    e1f2750edc4a (\"x86: remove \u0027zerorest\u0027 argument from __copy_user_nocache()\")\n    034ff37d3407 (\"x86: rewrite \u0027__copy_user_nocache\u0027 function\")\n\n  with either the whole series or at a minimum the two marked commits\n  being needed to fix this issue ]"
    }
  ],
  "id": "CVE-2023-53642",
  "lastModified": "2025-10-10T16:15:51.447",
  "metrics": {},
  "published": "2025-10-07T16:15:47.517",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/76ce32682635fe907e0f8e64e039e773e5c7508f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e046fe5a36a970bc14fbfbcb2074a48776f6b671"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-53642 (GCVE-0-2023-53642)

Vulnerability from cvelistv5

wid-sec-w-2025-2229

Vulnerability from csaf_certbund

ghsa-h9cf-c7q8-gcqh

Vulnerability from github

fkie_cve-2023-53642

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature