CVE-2023-52468 (GCVE-0-2023-52468)
Vulnerability from cvelistv5
Published
2024-02-25 08:16
Modified
2025-05-04 07:37
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path.A task who iterate over the lock_keys_hash later may cause use-after-free.So fix that up and unregister the lock_class_key before kfree(cp). On our platform, a driver fails to kset_register because of creating duplicate filename '/class/xxx'.With Kasan enabled, it prints a invalid-access bug report. KASAN bug report: BUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc Write of size 8 at addr 15ffff808b8c0368 by task modprobe/252 Pointer tag: [15], memory tag: [fe] CPU: 7 PID: 252 Comm: modprobe Tainted: G W 6.6.0-mainline-maybe-dirty #1 Call trace: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x88/0x98 lockdep_register_key+0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Memory state around the buggy address: ffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe >ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ ffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 As CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access not use-after-free here.In this case, modprobe is manipulating the corrupted lock_keys_hash hlish where lock_class_key is already freed before. It's worth noting that this only can happen if lockdep is enabled, which is not true for normal system.
References
Impacted products
Vendor Product Version
Linux Linux Version: dcfbb67e48a2becfce7990386e985b9c45098ee5
Version: dcfbb67e48a2becfce7990386e985b9c45098ee5
Version: dcfbb67e48a2becfce7990386e985b9c45098ee5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-26T18:14:41.496128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:24:16.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/class.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b57196a5ec5e4c0ffecde8348b085b778c7dce04",
              "status": "affected",
              "version": "dcfbb67e48a2becfce7990386e985b9c45098ee5",
              "versionType": "git"
            },
            {
              "lessThan": "0f1486dafca3398c4c46b9f6e6452fa27e73b559",
              "status": "affected",
              "version": "dcfbb67e48a2becfce7990386e985b9c45098ee5",
              "versionType": "git"
            },
            {
              "lessThan": "93ec4a3b76404bce01bd5c9032bef5df6feb1d62",
              "status": "affected",
              "version": "dcfbb67e48a2becfce7990386e985b9c45098ee5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/class.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclass: fix use-after-free in class_register()\n\nThe lock_class_key is still registered and can be found in\nlock_keys_hash hlist after subsys_private is freed in error\nhandler path.A task who iterate over the lock_keys_hash\nlater may cause use-after-free.So fix that up and unregister\nthe lock_class_key before kfree(cp).\n\nOn our platform, a driver fails to kset_register because of\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\nit prints a invalid-access bug report.\n\nKASAN bug report:\n\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\nPointer tag: [15], memory tag: [fe]\n\nCPU: 7 PID: 252 Comm: modprobe Tainted: G        W\n 6.6.0-mainline-maybe-dirty #1\n\nCall trace:\ndump_backtrace+0x1b0/0x1e4\nshow_stack+0x2c/0x40\ndump_stack_lvl+0xac/0xe0\nprint_report+0x18c/0x4d8\nkasan_report+0xe8/0x148\n__hwasan_store8_noabort+0x88/0x98\nlockdep_register_key+0x19c/0x1bc\nclass_register+0x94/0x1ec\ninit_module+0xbc/0xf48 [rfkill]\ndo_one_initcall+0x17c/0x72c\ndo_init_module+0x19c/0x3f8\n...\nMemory state around the buggy address:\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\n                                     ^\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\n\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\nnot use-after-free here.In this case, modprobe is manipulating\nthe corrupted lock_keys_hash hlish where lock_class_key is already\nfreed before.\n\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\nwhich is not true for normal system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:37:20.416Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559"
        },
        {
          "url": "https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62"
        }
      ],
      "title": "class: fix use-after-free in class_register()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52468",
    "datePublished": "2024-02-25T08:16:32.387Z",
    "dateReserved": "2024-02-20T12:30:33.297Z",
    "dateUpdated": "2025-05-04T07:37:20.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52468\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-26T16:27:48.710\",\"lastModified\":\"2024-11-21T08:39:50.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclass: fix use-after-free in class_register()\\n\\nThe lock_class_key is still registered and can be found in\\nlock_keys_hash hlist after subsys_private is freed in error\\nhandler path.A task who iterate over the lock_keys_hash\\nlater may cause use-after-free.So fix that up and unregister\\nthe lock_class_key before kfree(cp).\\n\\nOn our platform, a driver fails to kset_register because of\\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\\nit prints a invalid-access bug report.\\n\\nKASAN bug report:\\n\\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\\nPointer tag: [15], memory tag: [fe]\\n\\nCPU: 7 PID: 252 Comm: modprobe Tainted: G        W\\n 6.6.0-mainline-maybe-dirty #1\\n\\nCall trace:\\ndump_backtrace+0x1b0/0x1e4\\nshow_stack+0x2c/0x40\\ndump_stack_lvl+0xac/0xe0\\nprint_report+0x18c/0x4d8\\nkasan_report+0xe8/0x148\\n__hwasan_store8_noabort+0x88/0x98\\nlockdep_register_key+0x19c/0x1bc\\nclass_register+0x94/0x1ec\\ninit_module+0xbc/0xf48 [rfkill]\\ndo_one_initcall+0x17c/0x72c\\ndo_init_module+0x19c/0x3f8\\n...\\nMemory state around the buggy address:\\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\\n                                     ^\\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\\n\\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\\nnot use-after-free here.In this case, modprobe is manipulating\\nthe corrupted lock_keys_hash hlish where lock_class_key is already\\nfreed before.\\n\\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\\nwhich is not true for normal system.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase: corrige use-after-free en class_register() Lock_class_key todav\u00eda est\u00e1 registrada y se puede encontrar en lock_keys_hash hlist despu\u00e9s de que subsys_private se libere en la ruta del controlador de errores. Una tarea que itera sobre Lock_keys_hash m\u00e1s tarde puede causar use-after-free. As\u00ed que solucione eso y cancele el registro de lock_class_key antes de kfree (cp). En nuestra plataforma, un controlador no logra kset_register debido a que crea un nombre de archivo duplicado \u0027/class/xxx\u0027. Con Kasan habilitado, imprime un informe de error de acceso no v\u00e1lido. Informe de error de KASAN: ERROR: KASAN: acceso no v\u00e1lido en lockdep_register_key+0x19c/0x1bc Escritura de tama\u00f1o 8 en la direcci\u00f3n 15ffff808b8c0368 mediante tarea modprobe/252 Etiqueta de puntero: [15], etiqueta de memoria: [fe] CPU: 7 PID: 252 Comm: modprobe contaminado: GW 6.6.0-mainline-maybe-dirty #1 Rastreo de llamadas: dump_backtrace+0x1b0/0x1e4 show_stack+0x2c/0x40 dump_stack_lvl+0xac/0xe0 print_report+0x18c/0x4d8 kasan_report+0xe8/0x148 __hwasan_store8_noabort+0x 88/0x98 lockdep_register_key+ 0x19c/0x1bc class_register+0x94/0x1ec init_module+0xbc/0xf48 [rfkill] do_one_initcall+0x17c/0x72c do_init_module+0x19c/0x3f8 ... Estado de la memoria alrededor de la direcci\u00f3n del error: ffffff808b8c0100: 8a 8a 8a 8a 8a 8 un 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a ffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe\u0026gt; ffffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ fffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 Como CONFIG_KASAN_GENERIC no est\u00e1 configurado, Kasan informa aqu\u00ed de acceso no v\u00e1lido, no use-after-free. En este caso, modprobe est\u00e1 manipulando el lock_keys_hash hlish corrupto donde lock_class_key ya se liber\u00f3 antes. Vale la pena se\u00f1alar que esto s\u00f3lo puede suceder si lockdep est\u00e1 habilitado, lo cual no es cierto para el sistema normal.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4.0\",\"versionEndExcluding\":\"6.6.14\",\"matchCriteriaId\":\"686183E6-D5C3-4A5B-9A18-8E3B4294EA6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.2\",\"matchCriteriaId\":\"0EA3778C-730B-464C-8023-18CA6AC0B807\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:03:19.632Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52468\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-26T18:14:41.496128Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:13.300Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"class: fix use-after-free in class_register()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"dcfbb67e48a2becfce7990386e985b9c45098ee5\", \"lessThan\": \"b57196a5ec5e4c0ffecde8348b085b778c7dce04\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dcfbb67e48a2becfce7990386e985b9c45098ee5\", \"lessThan\": \"0f1486dafca3398c4c46b9f6e6452fa27e73b559\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dcfbb67e48a2becfce7990386e985b9c45098ee5\", \"lessThan\": \"93ec4a3b76404bce01bd5c9032bef5df6feb1d62\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/base/class.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.4\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.4\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.6.14\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/base/class.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b57196a5ec5e4c0ffecde8348b085b778c7dce04\"}, {\"url\": \"https://git.kernel.org/stable/c/0f1486dafca3398c4c46b9f6e6452fa27e73b559\"}, {\"url\": \"https://git.kernel.org/stable/c/93ec4a3b76404bce01bd5c9032bef5df6feb1d62\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nclass: fix use-after-free in class_register()\\n\\nThe lock_class_key is still registered and can be found in\\nlock_keys_hash hlist after subsys_private is freed in error\\nhandler path.A task who iterate over the lock_keys_hash\\nlater may cause use-after-free.So fix that up and unregister\\nthe lock_class_key before kfree(cp).\\n\\nOn our platform, a driver fails to kset_register because of\\ncreating duplicate filename \u0027/class/xxx\u0027.With Kasan enabled,\\nit prints a invalid-access bug report.\\n\\nKASAN bug report:\\n\\nBUG: KASAN: invalid-access in lockdep_register_key+0x19c/0x1bc\\nWrite of size 8 at addr 15ffff808b8c0368 by task modprobe/252\\nPointer tag: [15], memory tag: [fe]\\n\\nCPU: 7 PID: 252 Comm: modprobe Tainted: G        W\\n 6.6.0-mainline-maybe-dirty #1\\n\\nCall trace:\\ndump_backtrace+0x1b0/0x1e4\\nshow_stack+0x2c/0x40\\ndump_stack_lvl+0xac/0xe0\\nprint_report+0x18c/0x4d8\\nkasan_report+0xe8/0x148\\n__hwasan_store8_noabort+0x88/0x98\\nlockdep_register_key+0x19c/0x1bc\\nclass_register+0x94/0x1ec\\ninit_module+0xbc/0xf48 [rfkill]\\ndo_one_initcall+0x17c/0x72c\\ndo_init_module+0x19c/0x3f8\\n...\\nMemory state around the buggy address:\\nffffff808b8c0100: 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a\\nffffff808b8c0200: 8a 8a 8a 8a 8a 8a 8a 8a fe fe fe fe fe fe fe fe\\n\u003effffff808b8c0300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe\\n                                     ^\\nffffff808b8c0400: 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03\\n\\nAs CONFIG_KASAN_GENERIC is not set, Kasan reports invalid-access\\nnot use-after-free here.In this case, modprobe is manipulating\\nthe corrupted lock_keys_hash hlish where lock_class_key is already\\nfreed before.\\n\\nIt\u0027s worth noting that this only can happen if lockdep is enabled,\\nwhich is not true for normal system.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.14\", \"versionStartIncluding\": \"6.4\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.2\", \"versionStartIncluding\": \"6.4\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"6.4\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:37:20.416Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52468\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:37:20.416Z\", \"dateReserved\": \"2024-02-20T12:30:33.297Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-25T08:16:32.387Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.