CVE-2023-53331

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/09/2025
Last modified: 17/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: Check start of empty przs during init

After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as
valid"), initialization would assume a prz was valid after seeing that
the buffer_size is zero (regardless of the buffer start position). This
unchecked start value means it could be outside the bounds of the buffer,
leading to future access panics when written to:

    sysdump_panic_event+0x3b4/0x5b8
    atomic_notifier_call_chain+0x54/0x90
    panic+0x1c8/0x42c
    die+0x29c/0x2a8
    die_kernel_fault+0x68/0x78
    __do_kernel_fault+0x1c4/0x1e0
    do_bad_area+0x40/0x100
    do_translation_fault+0x68/0x80
    do_mem_abort+0x68/0xf8
    el1_da+0x1c/0xc0
    __raw_writeb+0x38/0x174
    __memcpy_toio+0x40/0xac
    persistent_ram_update+0x44/0x12c
    persistent_ram_write+0x1a8/0x1b8
    ramoops_pstore_write+0x198/0x1e8
    pstore_console_write+0x94/0xe0
    ...

To avoid this, also check if the prz start is 0 during the initialization
phase. If not, the next prz sanity check case will discover it (start >
size) and zap the buffer back to a sane state.

[kees: update commit log with backtrace and clarifications]
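The init-time check described above, as an added user-space model that is not the kernel's code: it compares the pre-fix and patched acceptance logic on an empty zone whose stored start lies outside the buffer. The struct, enum and function names and the sample values are hypothetical, and the signature check is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a pstore RAM zone (prz) header; not kernel code. */
struct prz_model {
    uint32_t start;    /* write offset read back from persistent RAM */
    uint32_t size;     /* bytes of valid data read back from persistent RAM */
    uint32_t capacity; /* size of the data area, known to the driver */
};

enum init_result { PRZ_EMPTY_OK, PRZ_OLD_DATA_KEPT, PRZ_ZAPPED };

/* fixed=false models the pre-fix check, fixed=true the patched check. */
enum init_result prz_init_check(struct prz_model *z, bool fixed)
{
    /* Pre-fix: size == 0 alone marked the zone valid; start was not checked. */
    if (z->size == 0 && (!fixed || z->start == 0))
        return PRZ_EMPTY_OK;
    /* Sanity check: an oversized zone or start > size is zapped to a sane state. */
    if (z->size > z->capacity || z->start > z->size) {
        z->start = z->size = 0;
        return PRZ_ZAPPED;
    }
    return PRZ_OLD_DATA_KEPT;
}

/* True if the next write would begin inside the data area. */
bool prz_next_write_in_bounds(const struct prz_model *z)
{
    return z->start < z->capacity;
}

/* Constructed sample: empty zone (size 0) whose start points past the buffer. */
struct prz_model prz_sample_stale(void)
{
    return (struct prz_model){ .start = 0x20000, .size = 0, .capacity = 0x1000 };
}

int main(void)
{
    struct prz_model z = prz_sample_stale();
    int r = prz_init_check(&z, false);
    printf("pre-fix: result=%d in_bounds=%d\n", r, prz_next_write_in_bounds(&z));
    z = prz_sample_stale();
    r = prz_init_check(&z, true);
    printf("patched: result=%d in_bounds=%d\n", r, prz_next_write_in_bounds(&z));
    return 0;
}
```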

Impact