Описание
In the Linux kernel, the following vulnerability has been resolved:
kernel: watch_queue: copy user-array safely
Currently, there is no overflow-check with memdup_user().
Use the new function memdup_array_user() instead of memdup_user() for duplicating the user-space array safely.
In the Linux kernel, the following vulnerability has been resolved:
kernel: watch_queue: copy user-array safely
Currently, there is no overflow-check with memdup_user().
Use the new function memdup_array_user() instead of memdup_user() for duplicating the user-space array safely.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-52824
- https://git.kernel.org/stable/c/0f403ebad98e6151aaa9c96c9aae5549aa4d87cd
- https://git.kernel.org/stable/c/22260dabcfe30ab70440d91aa1e4a703d13925c4
- https://git.kernel.org/stable/c/6995df256e4f5841fb45cf40d04f94b62b8067e1
- https://git.kernel.org/stable/c/c7acf02df1673a4ea7d6401ac4bc773ffe6a88f6
- https://git.kernel.org/stable/c/ca0776571d3163bd03b3e8c9e3da936abfaecbf6
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] A memory handling vulnerability was identified in the Linux kernel's watch_queue subsystem. The issue stems from the lack of overflow checks when duplicating a user-space array with memdup_user(). This could allow an attacker to exploit the absence of safeguards, potentially leading to a denial-of-service condition.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.