发布于3月6日3月6日 Members Rocky Linux: CVE-2023-52700: kernel-rt (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/21/2024 Created 07/16/2024 Added 07/16/2024 Modified 11/18/2024 Description In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ... [ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630]<TASK> [ 13.398630]? __alloc_skb+0xed/0x1a0 [ 13.398630]tipc_msg_build+0x12c/0x670 [tipc] [ 13.398630]? shmem_add_to_page_cache.isra.71+0x151/0x290 [ 13.398630]__tipc_sendmsg+0x2d1/0x710 [tipc] [ 13.398630]? tipc_connect+0x1d9/0x230 [tipc] [ 13.398630]? __local_bh_enable_ip+0x37/0x80 [ 13.398630]tipc_connect+0x1d9/0x230 [tipc] [ 13.398630]? __sys_connect+0x9f/0xd0 [ 13.398630]__sys_connect+0x9f/0xd0 [ 13.398630]? preempt_count_add+0x4d/0xa0 [ 13.398630]? fpregs_assert_state_consistent+0x22/0x50 [ 13.398630]__x64_sys_connect+0x16/0x20 [ 13.398630]do_syscall_64+0x42/0x90 [ 13.398630]entry_SYSCALL_64_after_hwframe+0x63/0xcd It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above. This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52700 CVE - 2023-52700 https://errata.rockylinux.org/RLSA-2024:4211 https://errata.rockylinux.org/RLSA-2024:4352
