cve/published/2023/CVE-2023-53007.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-53007: tracing: Make sure trace_printk() can output as soon as it can be used

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 tracing: Make sure trace_printk() can output as soon as it can be used

 Currently trace_printk() can be used as soon as early_trace_init() is
 called from start_kernel(). But if a crash happens, and
 "ftrace_dump_on_oops" is set on the kernel command line, all you get will
 be:

   [    0.456075]   <idle>-0         0dN.2. 347519us : Unknown type 6
   [    0.456075]   <idle>-0         0dN.2. 353141us : Unknown type 6
   [    0.456075]   <idle>-0         0dN.2. 358684us : Unknown type 6

 This is because the trace_printk() event (type 6) hasn't been registered
 yet. That gets done via an early_initcall(), which may be early, but not
 early enough.

 Instead of registering the trace_printk() event (and other ftrace events,
 which are not trace events) via an early_initcall(), have them registered at
 the same time that trace_printk() can be used. This way, if there is a
 crash before early_initcall(), then the trace_printk()s will actually be
 useful.

 The Linux kernel CVE team has assigned CVE-2023-53007 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 4.14.305 with commit f97eb0ab066133483a65c93eb894748de2f6b598
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 4.19.272 with commit b94d7c7654356860dd7719120c7d15ba38b6162a
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.4.231 with commit 76b2390fdc80c0a8300e5da5b6b62d201b6fe9ce
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.10.166 with commit de3930a4883ddad2244efd6d349013294c62c75c
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.15.91 with commit b0af180514edea6c83dc9a299d9f383009c99f25
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 6.1.9 with commit 198c83963f6335ca6d690cff067679560f2a3a22
 	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 6.2 with commit 3bb06eb6e9acf7c4a3e1b5bc87aed398ff8e2253

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-53007
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/trace/trace.c
 	kernel/trace/trace.h
 	kernel/trace/trace_output.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/f97eb0ab066133483a65c93eb894748de2f6b598
 	https://git.kernel.org/stable/c/b94d7c7654356860dd7719120c7d15ba38b6162a
 	https://git.kernel.org/stable/c/76b2390fdc80c0a8300e5da5b6b62d201b6fe9ce
 	https://git.kernel.org/stable/c/de3930a4883ddad2244efd6d349013294c62c75c
 	https://git.kernel.org/stable/c/b0af180514edea6c83dc9a299d9f383009c99f25
 	https://git.kernel.org/stable/c/198c83963f6335ca6d690cff067679560f2a3a22
 	https://git.kernel.org/stable/c/3bb06eb6e9acf7c4a3e1b5bc87aed398ff8e2253
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-53007: tracing: Make sure trace_printk() can output as soon as it can be used

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	tracing: Make sure trace_printk() can output as soon as it can be used

	Currently trace_printk() can be used as soon as early_trace_init() is
	called from start_kernel(). But if a crash happens, and
	"ftrace_dump_on_oops" is set on the kernel command line, all you get will
	be:

	[ 0.456075] <idle>-0 0dN.2. 347519us : Unknown type 6
	[ 0.456075] <idle>-0 0dN.2. 353141us : Unknown type 6
	[ 0.456075] <idle>-0 0dN.2. 358684us : Unknown type 6

	This is because the trace_printk() event (type 6) hasn't been registered
	yet. That gets done via an early_initcall(), which may be early, but not
	early enough.

	Instead of registering the trace_printk() event (and other ftrace events,
	which are not trace events) via an early_initcall(), have them registered at
	the same time that trace_printk() can be used. This way, if there is a
	crash before early_initcall(), then the trace_printk()s will actually be
	useful.

	The Linux kernel CVE team has assigned CVE-2023-53007 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 4.14.305 with commit f97eb0ab066133483a65c93eb894748de2f6b598
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 4.19.272 with commit b94d7c7654356860dd7719120c7d15ba38b6162a
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.4.231 with commit 76b2390fdc80c0a8300e5da5b6b62d201b6fe9ce
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.10.166 with commit de3930a4883ddad2244efd6d349013294c62c75c
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 5.15.91 with commit b0af180514edea6c83dc9a299d9f383009c99f25
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 6.1.9 with commit 198c83963f6335ca6d690cff067679560f2a3a22
	Issue introduced in 4.12 with commit e725c731e3bb1e892e7b564c945b121cb41d1087 and fixed in 6.2 with commit 3bb06eb6e9acf7c4a3e1b5bc87aed398ff8e2253

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53007
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/trace/trace.c
	kernel/trace/trace.h
	kernel/trace/trace_output.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/f97eb0ab066133483a65c93eb894748de2f6b598
	https://git.kernel.org/stable/c/b94d7c7654356860dd7719120c7d15ba38b6162a
	https://git.kernel.org/stable/c/76b2390fdc80c0a8300e5da5b6b62d201b6fe9ce
	https://git.kernel.org/stable/c/de3930a4883ddad2244efd6d349013294c62c75c
	https://git.kernel.org/stable/c/b0af180514edea6c83dc9a299d9f383009c99f25
	https://git.kernel.org/stable/c/198c83963f6335ca6d690cff067679560f2a3a22
	https://git.kernel.org/stable/c/3bb06eb6e9acf7c4a3e1b5bc87aed398ff8e2253