CVE-2023-52501

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ring-buffer: Do not attempt to read past "commit"<br /> <br /> When iterating over the ring buffer while the ring buffer is active, the<br /> writer can corrupt the reader. There&amp;#39;s barriers to help detect this and<br /> handle it, but that code missed the case where the last event was at the<br /> very end of the page and has only 4 bytes left.<br /> <br /> The checks to detect the corruption by the writer to reads needs to see the<br /> length of the event. If the length in the first 4 bytes is zero then the<br /> length is stored in the second 4 bytes. But if the writer is in the process<br /> of updating that code, there&amp;#39;s a small window where the length in the first<br /> 4 bytes could be zero even though the length is only 4 bytes. That will<br /> cause rb_event_length() to read the next 4 bytes which could happen to be off the<br /> allocated page.<br /> <br /> To protect against this, fail immediately if the next event pointer is<br /> less than 8 bytes from the end of the commit (last byte of data), as all<br /> events must be a minimum of 8 bytes anyway.