Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2023-52813: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

SUSE: CVE-2023-52813: SUSE Linux Security Advisory

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/21/2024

Created

08/16/2024

Added

08/09/2024

Modified

08/15/2024

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_test:391009 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Call trace: __switch_to+0x98/0xe0 __schedule+0x6c4/0xf40 schedule+0xd8/0x1b4 schedule_timeout+0x474/0x560 wait_for_common+0x368/0x4e0 wait_for_completion+0x20/0x30 wait_for_completion+0x20/0x30 test_aead_vec_cfg+0xab4/0xd50 test_aead+0x144/0x1f0 alg_test_aead+0xd8/0x1e0 alg_test+0x634/0x890 cryptomgr_test+0x40/0x70 kthread+0x1e0/0x220 ret_from_fork+0x10/0x18 Kernel panic - not syncing: hung_task: blocked tasks For padata_do_parallel, when the return err is 0 or -EBUSY, it will call wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal case, aead_request_complete() will be called in pcrypt_aead_serial and the return err is 0 for padata_do_parallel. But, when pinst->flags is PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it won't call aead_request_complete(). Therefore, test_aead_vec_cfg will hung at wait_for_completion(&wait->completion), which will cause hungtask. The problem comes as following: (padata_do_parallel) | rcu_read_lock_bh(); | err = -EINVAL; | (padata_replace) | pinst->flags |= PADATA_RESET; err = -EBUSY | if (pinst->flags & PADATA_RESET) | rcu_read_unlock_bh() | return err In order to resolve the problem, we replace the return err -EBUSY with -EAGAIN, which means parallel_data is changing, and the caller should call it again. v3: remove retry and just change the return err. v2: introduce padata_try_do_parallel() in pcrypt_aead_encrypt and pcrypt_aead_decrypt to solve the hungtask.

Solution(s)

suse-upgrade-cluster-md-kmp-64kb
suse-upgrade-cluster-md-kmp-default
suse-upgrade-dlm-kmp-64kb
suse-upgrade-dlm-kmp-default
suse-upgrade-dtb-allwinner
suse-upgrade-dtb-altera
suse-upgrade-dtb-amazon
suse-upgrade-dtb-amd
suse-upgrade-dtb-amlogic
suse-upgrade-dtb-apm
suse-upgrade-dtb-apple
suse-upgrade-dtb-arm
suse-upgrade-dtb-broadcom
suse-upgrade-dtb-cavium
suse-upgrade-dtb-exynos
suse-upgrade-dtb-freescale
suse-upgrade-dtb-hisilicon
suse-upgrade-dtb-lg
suse-upgrade-dtb-marvell
suse-upgrade-dtb-mediatek
suse-upgrade-dtb-nvidia
suse-upgrade-dtb-qcom
suse-upgrade-dtb-renesas
suse-upgrade-dtb-rockchip
suse-upgrade-dtb-socionext
suse-upgrade-dtb-sprd
suse-upgrade-dtb-xilinx
suse-upgrade-gfs2-kmp-64kb
suse-upgrade-gfs2-kmp-default
suse-upgrade-kernel-64kb
suse-upgrade-kernel-64kb-devel
suse-upgrade-kernel-64kb-extra
suse-upgrade-kernel-64kb-livepatch-devel
suse-upgrade-kernel-64kb-optional
suse-upgrade-kernel-azure
suse-upgrade-kernel-azure-devel
suse-upgrade-kernel-debug
suse-upgrade-kernel-debug-devel
suse-upgrade-kernel-debug-livepatch-devel
suse-upgrade-kernel-debug-vdso
suse-upgrade-kernel-default
suse-upgrade-kernel-default-base
suse-upgrade-kernel-default-base-rebuild
suse-upgrade-kernel-default-devel
suse-upgrade-kernel-default-extra
suse-upgrade-kernel-default-livepatch
suse-upgrade-kernel-default-livepatch-devel
suse-upgrade-kernel-default-optional
suse-upgrade-kernel-default-vdso
suse-upgrade-kernel-devel
suse-upgrade-kernel-devel-azure
suse-upgrade-kernel-docs
suse-upgrade-kernel-docs-html
suse-upgrade-kernel-kvmsmall
suse-upgrade-kernel-kvmsmall-devel
suse-upgrade-kernel-kvmsmall-livepatch-devel
suse-upgrade-kernel-kvmsmall-vdso
suse-upgrade-kernel-macros
suse-upgrade-kernel-obs-build
suse-upgrade-kernel-obs-qa
suse-upgrade-kernel-source
suse-upgrade-kernel-source-azure
suse-upgrade-kernel-source-vanilla
suse-upgrade-kernel-syms
suse-upgrade-kernel-syms-azure
suse-upgrade-kernel-zfcpdump
suse-upgrade-kselftests-kmp-64kb
suse-upgrade-kselftests-kmp-default
suse-upgrade-ocfs2-kmp-64kb
suse-upgrade-ocfs2-kmp-default
suse-upgrade-reiserfs-kmp-64kb
suse-upgrade-reiserfs-kmp-default

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2023-52813: SUSE Linux Security Advisory

SUSE: CVE-2023-52813: SUSE Linux Security Advisory

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.