CVE-2023-53108

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/iucv: Fix size of interrupt data<br /> <br /> iucv_irq_data needs to be 4 bytes larger.<br /> These bytes are not used by the iucv module, but written by<br /> the z/VM hypervisor in case a CPU is deconfigured.<br /> <br /> Reported as:<br /> BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten<br /> -----------------------------------------------------------------------------<br /> 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc<br /> Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1<br /> __kmem_cache_alloc_node+0x166/0x450<br /> kmalloc_node_trace+0x3a/0x70<br /> iucv_cpu_prepare+0x44/0xd0<br /> cpuhp_invoke_callback+0x156/0x2f0<br /> cpuhp_issue_call+0xf0/0x298<br /> __cpuhp_setup_state_cpuslocked+0x136/0x338<br /> __cpuhp_setup_state+0xf4/0x288<br /> iucv_init+0xf4/0x280<br /> do_one_initcall+0x78/0x390<br /> do_initcalls+0x11a/0x140<br /> kernel_init_freeable+0x25e/0x2a0<br /> kernel_init+0x2e/0x170<br /> __ret_from_fork+0x3c/0x58<br /> ret_from_fork+0xa/0x40<br /> Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1<br /> __kmem_cache_free+0x308/0x358<br /> iucv_init+0x92/0x280<br /> do_one_initcall+0x78/0x390<br /> do_initcalls+0x11a/0x140<br /> kernel_init_freeable+0x25e/0x2a0<br /> kernel_init+0x2e/0x170<br /> __ret_from_fork+0x3c/0x58<br /> ret_from_fork+0xa/0x40<br /> Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0|<br /> Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000<br /> Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................<br /> Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................<br /> Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................<br /> Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........<br /> Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ<br /> Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ<br /> Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ<br /> CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1<br /> Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)<br /> Call Trace:<br /> [] dump_stack_lvl+0xac/0x100<br /> [] check_bytes_and_report+0x104/0x140<br /> [] check_object+0x370/0x3c0<br /> [] free_debug_processing+0x15e/0x348<br /> [] free_to_partial_list+0x9a/0x2f0<br /> [] __slab_free+0x1e4/0x3a8<br /> [] __kmem_cache_free+0x308/0x358<br /> [] iucv_cpu_dead+0x6c/0x88<br /> [] cpuhp_invoke_callback+0x156/0x2f0<br /> [] _cpu_down.constprop.0+0x22a/0x5e0<br /> [] cpu_device_down+0x4e/0x78<br /> [] device_offline+0xc8/0x118<br /> [] online_store+0x60/0xe0<br /> [] kernfs_fop_write_iter+0x150/0x1e8<br /> [] vfs_write+0x174/0x360<br /> [] ksys_write+0x74/0x100<br /> [] __do_syscall+0x1da/0x208<br /> [] system_call+0x82/0xb0<br /> INFO: lockdep is turned off.<br /> FIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc<br /> FIX dma-kmalloc-64: Object at 0x0000000000400540 not freed