Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52797

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
26/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drivers: perf: Check find_first_bit() return value<br /> <br /> We must check the return value of find_first_bit() before using the<br /> return value as an index array since it happens to overflow the array<br /> and then panic:<br /> <br /> [ 107.318430] Kernel BUG [#1]<br /> [ 107.319434] CPU: 3 PID: 1238 Comm: kill Tainted: G E 6.6.0-rc6ubuntu-defconfig #2<br /> [ 107.319465] Hardware name: riscv-virtio,qemu (DT)<br /> [ 107.319551] epc : pmu_sbi_ovf_handler+0x3a4/0x3ae<br /> [ 107.319840] ra : pmu_sbi_ovf_handler+0x52/0x3ae<br /> [ 107.319868] epc : ffffffff80a0a77c ra : ffffffff80a0a42a sp : ffffaf83fecda350<br /> [ 107.319884] gp : ffffffff823961a8 tp : ffffaf8083db1dc0 t0 : ffffaf83fecda480<br /> [ 107.319899] t1 : ffffffff80cafe62 t2 : 000000000000ff00 s0 : ffffaf83fecda520<br /> [ 107.319921] s1 : ffffaf83fecda380 a0 : 00000018fca29df0 a1 : ffffffffffffffff<br /> [ 107.319936] a2 : 0000000001073734 a3 : 0000000000000004 a4 : 0000000000000000<br /> [ 107.319951] a5 : 0000000000000040 a6 : 000000001d1c8774 a7 : 0000000000504d55<br /> [ 107.319965] s2 : ffffffff82451f10 s3 : ffffffff82724e70 s4 : 000000000000003f<br /> [ 107.319980] s5 : 0000000000000011 s6 : ffffaf8083db27c0 s7 : 0000000000000000<br /> [ 107.319995] s8 : 0000000000000001 s9 : 00007fffb45d6558 s10: 00007fffb45d81a0<br /> [ 107.320009] s11: ffffaf7ffff60000 t3 : 0000000000000004 t4 : 0000000000000000<br /> [ 107.320023] t5 : ffffaf7f80000000 t6 : ffffaf8000000000<br /> [ 107.320037] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003<br /> [ 107.320081] [] pmu_sbi_ovf_handler+0x3a4/0x3ae<br /> [ 107.320112] [] handle_percpu_devid_irq+0x9e/0x1a0<br /> [ 107.320131] [] generic_handle_domain_irq+0x28/0x36<br /> [ 107.320148] [] riscv_intc_irq+0x36/0x4e<br /> [ 107.320166] [] handle_riscv_irq+0x54/0x86<br /> [ 107.320189] [] do_irq+0x64/0x96<br /> [ 107.320271] Code: 85a6 855e b097 ff7f 80e7 9220 b709 9002 4501 bbd9 (9002) 6097<br /> [ 107.320585] ---[ end trace 0000000000000000 ]---<br /> [ 107.320704] Kernel panic - not syncing: Fatal exception in interrupt<br /> [ 107.320775] SMP: stopping secondary CPUs<br /> [ 107.321219] Kernel Offset: 0x0 from 0xffffffff80000000<br /> [ 107.333051] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.18 (including) 6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6 (including) 6.6.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools