Out-of-bounds Read Affecting kernel-azure package, versions <5.14.21-150500.33.48.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES155-KERNELAZURE-6808064
- published4 May 2024
- disclosed3 May 2024
Introduced: 3 May 2024
CVE-2023-52504 (opens in a new tab)How to fix?
Upgrade SLES:15.5 kernel-azure to version 5.14.21-150500.33.48.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-azure package and not the kernel-azure package as distributed by SLES.
See How to fix? for SLES:15.5 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
x86/alternatives: Disable KASAN in apply_alternatives()
Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().
KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.
Fix it for real by disabling KASAN while the kernel is patching alternatives.
[ mingo: updated the changelog ]
References
- https://www.suse.com/security/cve/CVE-2023-52504.html
- https://bugzilla.suse.com/1221553
- https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae
- https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1
- https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b
- https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e
- https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4
- https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61
- https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc