Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2023 / CVE-2023-53065.json
blob: 191d89931b9add48d533b99c6d68e7e1905f065b [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output\n\nsyzkaller reportes a KASAN issue with stack-out-of-bounds.\nThe call trace is as follows:\n dump_stack+0x9c/0xd3\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n __perf_event_header__init_id+0x34/0x290\n perf_event_header__init_id+0x48/0x60\n perf_output_begin+0x4a4/0x560\n perf_event_bpf_output+0x161/0x1e0\n perf_iterate_sb_cpu+0x29e/0x340\n perf_iterate_sb+0x4c/0xc0\n perf_event_bpf_event+0x194/0x2c0\n __bpf_prog_put.constprop.0+0x55/0xf0\n __cls_bpf_delete_prog+0xea/0x120 [cls_bpf]\n cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf]\n process_one_work+0x3c2/0x730\n worker_thread+0x93/0x650\n kthread+0x1b8/0x210\n ret_from_fork+0x1f/0x30\n\ncommit 267fb27352b6 (\"perf: Reduce stack usage of perf_output_begin()\")\nuse on-stack struct perf_sample_data of the caller function.\n\nHowever, perf_event_bpf_output uses incorrect parameter to convert\nsmall-sized data (struct perf_bpf_event) into large-sized data\n(struct perf_sample_data), which causes memory overwriting occurs in\n__perf_event_header__init_id."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"kernel/events/core.c"
],
"versions": [
{
"version": "267fb27352b6fc9fdbad753127a239f75618ecbc",
"lessThan": "ddcf8320003638a06eb1e46412e045d0c5701575",
"status": "affected",
"versionType": "git"
},
{
"version": "267fb27352b6fc9fdbad753127a239f75618ecbc",
"lessThan": "ac5f88642cb211152041f84a985309e9af4baf59",
"status": "affected",
"versionType": "git"
},
{
"version": "267fb27352b6fc9fdbad753127a239f75618ecbc",
"lessThan": "ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c",
"status": "affected",
"versionType": "git"
},
{
"version": "267fb27352b6fc9fdbad753127a239f75618ecbc",
"lessThan": "3a776fddb4e5598c8bfcd4ad094fba34f9856fc9",
"status": "affected",
"versionType": "git"
},
{
"version": "267fb27352b6fc9fdbad753127a239f75618ecbc",
"lessThan": "eb81a2ed4f52be831c9fb879752d89645a312c13",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"kernel/events/core.c"
],
"versions": [
{
"version": "5.10",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.10",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.177",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.105",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.22",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.2.9",
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.3",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.177"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.15.105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "6.1.22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "6.2.9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "6.3"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/ddcf8320003638a06eb1e46412e045d0c5701575"
},
{
"url": "https://git.kernel.org/stable/c/ac5f88642cb211152041f84a985309e9af4baf59"
},
{
"url": "https://git.kernel.org/stable/c/ff8137727a2af4ad5f6e6c8b9f7ec5e8db9da86c"
},
{
"url": "https://git.kernel.org/stable/c/3a776fddb4e5598c8bfcd4ad094fba34f9856fc9"
},
{
"url": "https://git.kernel.org/stable/c/eb81a2ed4f52be831c9fb879752d89645a312c13"
}
],
"title": "perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2023-53065",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}