fkie_cve-2023-53224
Vulnerability from fkie_nvd
Published
2025-09-15 15:15
Modified
2025-09-15 15:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. ext4_feat_ktype was setting the "release" handler to "kfree", which doesn't have a matching function prototype. Add a simple wrapper with the correct prototype. This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches. Note that this code is only reached when ext4 is a loadable module and it is being unloaded: CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698) ... RIP: 0010:kobject_put+0xbb/0x1b0 ... Call Trace: <TASK> ext4_exit_sysfs+0x14/0x60 [ext4] cleanup_module+0x67/0xedb [ext4]
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0a1394e07c5d6bf1bfc25db8589ff1b1bfb6f46a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/118901ad1f25d2334255b3d50512fa20591531cd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1ba10d3640e9783dad811fe4e24d55465c37c64d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2b69cdd9f9a7f596e3dd31f05f9852940d177924
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/94d8de83286fb1827340eba35b61c308f6b46ead
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/99e3fd21f8fc975c95e8cf76fbf6a3d2656f8f71
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c98077f7598a562f51051eec043be0cb3e1b1b5e
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: Fix function prototype mismatch for ext4_feat_ktype\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed.\n\next4_feat_ktype was setting the \"release\" handler to \"kfree\", which\ndoesn\u0027t have a matching function prototype. Add a simple wrapper\nwith the correct prototype.\n\nThis was found as a result of Clang\u0027s new -Wcast-function-type-strict\nflag, which is more sensitive than the simpler -Wcast-function-type,\nwhich only checks for type width mismatches.\n\nNote that this code is only reached when ext4 is a loadable module and\nit is being unloaded:\n\n CFI failure at kobject_put+0xbb/0x1b0 (target: kfree+0x0/0x180; expected type: 0x7c4aa698)\n ...\n RIP: 0010:kobject_put+0xbb/0x1b0\n ...\n Call Trace:\n  \u003cTASK\u003e\n  ext4_exit_sysfs+0x14/0x60 [ext4]\n  cleanup_module+0x67/0xedb [ext4]"
    }
  ],
  "id": "CVE-2023-53224",
  "lastModified": "2025-09-15T15:22:27.090",
  "metrics": {},
  "published": "2025-09-15T15:15:49.243",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0a1394e07c5d6bf1bfc25db8589ff1b1bfb6f46a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/118901ad1f25d2334255b3d50512fa20591531cd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1ba10d3640e9783dad811fe4e24d55465c37c64d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2b69cdd9f9a7f596e3dd31f05f9852940d177924"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/94d8de83286fb1827340eba35b61c308f6b46ead"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99e3fd21f8fc975c95e8cf76fbf6a3d2656f8f71"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c98077f7598a562f51051eec043be0cb3e1b1b5e"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.