Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2023-52468): Linux kernel (OEM) vulnerabilities

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2023-52468): Linux kernel (OEM) vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

02/26/2024

Created

05/18/2024

Added

05/17/2024

Modified

07/15/2024

Description

In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path.A task who iterate over the lock_keys_hash later may cause use-after-free.So fix that up and unregister the lock_class_key before kfree(cp). On our platform, a driver fails to kset_register because of creating duplicate filename '/class/xxx'.With Kasan enabled, it prints a invalid-access bug report. KASAN bug report: BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc Write of size 8 at addr 15ffff808b8c0368 by task modprobe/252 Pointer tag: [15], memory tag: [fe] CPU: 7 PID: 252 Comm: modprobe Tainted: G W 6.6.0-mainline-maybe-dirty #1 Call trace: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x88/0x98 lockdep_register_key+0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Memory state around the buggy address: ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe >ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access not use-after-free here.In this case, modprobe is manipulating the corrupted lock_keys_hash hlish where lock_class_key is already freed before. It's worth noting that this only can happen if lockdep is enabled, which is not true for normal system.

Solution(s)

ubuntu-upgrade-linux-image-6-5-0-1015-starfive
ubuntu-upgrade-linux-image-6-5-0-1017-laptop
ubuntu-upgrade-linux-image-6-5-0-1018-raspi
ubuntu-upgrade-linux-image-6-5-0-1021-aws
ubuntu-upgrade-linux-image-6-5-0-1021-nvidia
ubuntu-upgrade-linux-image-6-5-0-1021-nvidia-64k
ubuntu-upgrade-linux-image-6-5-0-1022-azure
ubuntu-upgrade-linux-image-6-5-0-1022-azure-fde
ubuntu-upgrade-linux-image-6-5-0-1022-gcp
ubuntu-upgrade-linux-image-6-5-0-1022-oem
ubuntu-upgrade-linux-image-6-5-0-1024-oem
ubuntu-upgrade-linux-image-6-5-0-1024-oracle
ubuntu-upgrade-linux-image-6-5-0-1024-oracle-64k
ubuntu-upgrade-linux-image-6-5-0-41-generic
ubuntu-upgrade-linux-image-6-5-0-41-generic-64k
ubuntu-upgrade-linux-image-6-5-0-41-lowlatency
ubuntu-upgrade-linux-image-6-5-0-41-lowlatency-64k
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
ubuntu-upgrade-linux-image-generic-hwe-22-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-laptop-23-10
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
ubuntu-upgrade-linux-image-nvidia-6-5
ubuntu-upgrade-linux-image-nvidia-64k-6-5
ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
ubuntu-upgrade-linux-image-nvidia-hwe-22-04
ubuntu-upgrade-linux-image-oem-22-04
ubuntu-upgrade-linux-image-oem-22-04a
ubuntu-upgrade-linux-image-oem-22-04b
ubuntu-upgrade-linux-image-oem-22-04c
ubuntu-upgrade-linux-image-oem-22-04d
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-64k
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-starfive
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-22-04

References

https://attackerkb.com/topics/cve-2023-52468
CVE - 2023-52468
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2023-52468): Linux kernel (OEM) vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2023-52468): Linux kernel (OEM) vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.