Improper Locking The advisory has been revoked - it doesn't affect any version of package kernel-tools (opens in a new tab)
Threat Intelligence
Exploit maturity not defined.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL9-KERNELTOOLS-7790768
- published22 Aug 2024
- disclosed21 Aug 2024
Introduced: 21 Aug 2024
CVE-2023-52903 (opens in a new tab)Amendment
The Red Hat security team deemed this advisory irrelevant for RHEL:9.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools package and not the kernel-tools package as distributed by RHEL.
In the Linux kernel, the following vulnerability has been resolved:
io_uring: lock overflowing for IOPOLL
syzbot reports an issue with overflow filling for IOPOLL:
WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773 io_fill_cqe_req io_uring/io_uring.h:168 [inline] io_do_iopoll+0x474/0x62c io_uring/rw.c:1065 io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513 io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056 io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 worker_thread+0x340/0x610 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
There is no real problem for normal IOPOLL as flush is also called with uring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL, for which __io_cqring_overflow_flush() happens from the CQ waiting path.
References
- https://access.redhat.com/security/cve/CVE-2023-52903
- https://git.kernel.org/stable/c/544d163d659d45a206d8929370d5a2984e546cb7
- https://git.kernel.org/stable/c/7fc3990dad04a677606337ebc61964094d6cb41b
- https://git.kernel.org/stable/c/de77faee280163ff03b7ab64af6c9d779a43d4c4
- https://git.kernel.org/stable/c/ed4629d1e968359fbb91d0a3780b1e86a2c08845