
Red Hat: CVE-2023-52735: kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (Multiple Advisories)


Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 05/21/2024
Created: 09/14/2024
Added: 09/13/2024
Modified: 09/13/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak.

[1] https://lore.kernel.org/all/[email protected]/

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-rt

References

  • CVE-2023-52735
  • RHSA-2024:5672
  • RHSA-2024:5673