Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-52990

Опубликовано: 27 мар. 2025
Источник: redhat
CVSS3: 5.5

Описание

[REJECTED CVE] A vulnerability was initially suspected in the Linux kernel's s390 architecture code due to a misleading out-of-bounds read warning generated by GCC 11.1/11.2. However, this was a false positive caused by compiler misinterpretation of memcpy() usage in performance-critical lowcore operations. No actual memory corruption or security risk was present. An attacker could not exploit this issue, as the underlying code behavior remained safe and correct; the fix simply replaced memcpy() with a loop to silence the erroneous warning.

Отчет

This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025040115-REJECTED-4ce0@gregkh/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 8kernelOut of support scope
Red Hat Enterprise Linux 8kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2355477kernel: s390: workaround invalid gcc-11 out of bounds read warning

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-52990

ubuntu
11 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

nvd логотип

CVE-2023-52990

nvd
11 месяцев назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

github логотип

GHSA-c7qr-fxvv-x4fh

github
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: s390: workaround invalid gcc-11 out of bounds read warning GCC 11.1.0 and 11.2.0 generate a wrong warning when compiling the kernel e.g. with allmodconfig: arch/s390/kernel/setup.c: In function ‘setup_lowcore_dat_on’: ./include/linux/fortify-string.h:57:33: error: ‘__builtin_memcpy’ reading 128 bytes from a region of size 0 [-Werror=stringop-overread] ... arch/s390/kernel/setup.c:526:9: note: in expansion of macro ‘memcpy’ 526 | memcpy(abs_lc->cregs_save_area, S390_lowcore.cregs_save_area, | ^~~~~~ This could be addressed by using absolute_pointer() with the S390_lowcore macro, but this is not a good idea since this generates worse code for performance critical paths. Therefore simply use a for loop to copy the array in question and get rid of the warning.

fstec логотип

BDU:2025-14102

CVSS3: 5.5
fstec
11 месяцев назад

Уязвимость компонента s390 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3