fkie_cve-2023-52942
Vulnerability from fkie_nvd
Published
2025-03-27 17:15
Modified
2025-03-28 18:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() It was found that the check to see if a partition could use up all the cpus from the parent cpuset in update_parent_subparts_cpumask() was incorrect. As a result, it is possible to leave parent with no effective cpu left even if there are tasks in the parent cpuset. This can lead to system panic as reported in [1]. Fix this probem by updating the check to fail the enabling the partition if parent's effective_cpus is a subset of the child's cpus_allowed. Also record the error code when an error happens in update_prstate() and add a test case where parent partition and child have the same cpu list and parent has task. Enabling partition in the child will fail in this case. [1] https://www.spinics.net/lists/cgroups/msg36254.html
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e5ae8803847b80fe9d744a3174abe2b7bfed222a
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()\n\nIt was found that the check to see if a partition could use up all\nthe cpus from the parent cpuset in update_parent_subparts_cpumask()\nwas incorrect. As a result, it is possible to leave parent with no\neffective cpu left even if there are tasks in the parent cpuset. This\ncan lead to system panic as reported in [1].\n\nFix this probem by updating the check to fail the enabling the partition\nif parent\u0027s effective_cpus is a subset of the child\u0027s cpus_allowed.\n\nAlso record the error code when an error happens in update_prstate()\nand add a test case where parent partition and child have the same cpu\nlist and parent has task. Enabling partition in the child will fail in\nthis case.\n\n[1] https://www.spinics.net/lists/cgroups/msg36254.html"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cgroup/cpuset: Correcci\u00f3n de una comprobaci\u00f3n incorrecta en update_parent_subparts_cpumask(). Se detect\u00f3 que la comprobaci\u00f3n para ver si una partici\u00f3n pod\u00eda usar todas las CPU del conjunto de CPU principal en update_parent_subparts_cpumask() era incorrecta. Como resultado, es posible dejar la partici\u00f3n principal sin CPU efectiva, incluso si hay tareas en el conjunto de CPU principal. Esto puede provocar un p\u00e1nico del sistema, como se informa en [1]. Corrija este problema actualizando la comprobaci\u00f3n para que falle al habilitar la partici\u00f3n si el valor de CPU efectivas de la partici\u00f3n principal es un subconjunto del valor de CPU permitidas de la partici\u00f3n secundaria. Tambi\u00e9n registre el c\u00f3digo de error cuando se produce un error en update_prstate() y agregue un caso de prueba donde la partici\u00f3n principal y la secundaria tengan la misma lista de CPU y la partici\u00f3n principal tenga una tarea. En este caso, la habilitaci\u00f3n de la partici\u00f3n en la secundaria fallar\u00e1. [1] https://www.spinics.net/lists/cgroups/msg36254.html"
    }
  ],
  "id": "CVE-2023-52942",
  "lastModified": "2025-03-28T18:11:49.747",
  "metrics": {},
  "published": "2025-03-27T17:15:44.163",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e5ae8803847b80fe9d744a3174abe2b7bfed222a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.