powerpc/pseries/memhp: Fix access beyond end of drmem array
CVE-2023-52451

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
22 February 2024

What is CVE-2023-52451?

A vulnerability in the Linux kernel's handling of memory hotplugging affects PowerPC pseries systems. The function 'dlpar_memory_remove_by_index()' can access memory beyond the bounds of the data region memory (drmem) local memory block (lmb) array. When the lookup of a device resource configuration (DRC) index fails, the function dereferences a pointer that points to an invalid memory location. The resulting memory access violation can manifest as a slab-out-of-bounds error, potentially leading to unexpected disruptions or crashes. The vulnerability was detected through rigorous inspection and confirmed using the Kernel Address Sanitizer (KASAN). Proper logging and validation of memory access are essential to avoid this flaw.
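The failed-lookup case described above, as an added example that is not the kernel's code or its patch: a user-space model showing where the loop cursor ends up when no entry matches, next to one way to keep the log path inside the array. The struct, macro, function names and sample values are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model with constructed entries; names are hypothetical. */
struct lmb { uint32_t drc_index; uint64_t base_addr; };
#define N_LMBS 3
static struct lmb lmbs[N_LMBS] = {
    { 0x80000001u, 0x10000000ull }, { 0x80000002u, 0x20000000ull },
    { 0x80000003u, 0x30000000ull },
};
#define for_each_lmb(p) for ((p) = &lmbs[0]; (p) < &lmbs[N_LMBS]; (p)++)

/* Flawed pattern: the loop cursor is handed to post-loop code. With no match it
 * is &lmbs[N_LMBS], one past the end, so a later ->base_addr read is invalid. */
static const struct lmb *cursor_after_lookup(uint32_t drc_index)
{
    struct lmb *p;
    for_each_lmb(p)
        if (p->drc_index == drc_index)
            break;
    return p; /* returned but never dereferenced, so this model stays safe */
}

static int in_bounds(const struct lmb *p) { return p >= lmbs && p < lmbs + N_LMBS; }

/* Hardened pattern: read the entry only inside the loop, where it is known
 * valid; the not-found path logs the index the caller passed instead. */
static int remove_by_index(uint32_t drc_index, char *msg, size_t len)
{
    struct lmb *p;
    for_each_lmb(p) {
        if (p->drc_index != drc_index)
            continue;
        snprintf(msg, len, "removing memory at %llx",
                 (unsigned long long)p->base_addr);
        return 0;
    }
    snprintf(msg, len, "no LMB with drc index %x", (unsigned)drc_index);
    return -EINVAL;
}

int main(void)
{
    char msg[64];
    int rc = remove_by_index(0x8000ffffu, msg, sizeof msg);
    printf("rc=%d msg=\"%s\" stale cursor in bounds: %d\n", rc, msg,
           in_bounds(cursor_after_lookup(0x8000ffffu)));
}
```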

Affected Version(s)

Linux 51925fb3c5c901aa06cdc853268a6e19e19bcdc7

Linux 51925fb3c5c901aa06cdc853268a6e19e19bcdc7 < 9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7

Linux 51925fb3c5c901aa06cdc853268a6e19e19bcdc7

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
