CVE-2023-52700
Description
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] <TASK> [ 13.398630] ? __alloc_skb+0xed/0x1a0 [ 13.398630] tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __local_bh_enable_ip+0x37/0x80 [ 13.398630] tipc_connect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [ 13.398630] __sys_connect+0x9f/0xd0 [ 13.398630] ? preempt_count_add+0x4d/0xa0 [ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630] __x64_sys_connect+0x16/0x20 [ 13.398630] do_syscall_64+0x42/0x90 [ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above. This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.1.15-1 |
| sid | Fixed | 6.1.15-1 |
| forky | Fixed | 6.1.15-1 |
| bullseye | Affected | โ |
| bookworm | Fixed | 6.1.15-1 |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
References
- https://errata.rockylinux.org/RXSA-2024:4211
- https://errata.rockylinux.org/RLSA-2024:4352
- https://errata.rockylinux.org/RLSA-2024:4211
- https://www.suse.com/security/cve/CVE-2023-52700.html
- https://security-tracker.debian.org/tracker/CVE-2023-52700
- https://access.redhat.com/errata/RHSA-2024:4211
- https://bugzilla.redhat.com/1918601
- https://bugzilla.redhat.com/2248122
- https://bugzilla.redhat.com/2258875
- https://bugzilla.redhat.com/2265517
- https://bugzilla.redhat.com/2265519
- https://bugzilla.redhat.com/2265520
- https://bugzilla.redhat.com/2265800
- https://bugzilla.redhat.com/2266408
- https://bugzilla.redhat.com/2266831
- https://bugzilla.redhat.com/2267513
- https://bugzilla.redhat.com/2267518
- https://bugzilla.redhat.com/2267730
- https://bugzilla.redhat.com/2270093
- https://bugzilla.redhat.com/2271680
- https://bugzilla.redhat.com/2272692
- https://bugzilla.redhat.com/2272829
- https://bugzilla.redhat.com/2273204
- https://bugzilla.redhat.com/2273278
- https://bugzilla.redhat.com/2273423
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.