Vulnerability Details : CVE-2023-52615
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers
when the user reads from /dev/hwrng into memory also mmap-ed from
/dev/hwrng. The resulting page fault triggers a recursive read
which then dead-locks.
Fix this by using a stack buffer when calling copy_to_user.
Products affected by CVE-2023-52615
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-52615
0.01% (probability of exploitation activity in the next 30 days)
CVSS scores for CVE-2023-52615
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | 2024-12-12 |
4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2023-52615 | 2024-03-18 |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2023-52615 | 2024-03-18 |
CWE ids for CVE-2023-52615
- The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-52615
- https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  [SECURITY] [DLA 3840-1] linux security update (Patch)
- https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
  [SECURITY] [DLA 3842-1] linux-5.10 security update (Patch)
- https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d
  hwrng: core - Fix page fault dead lock on mmap-ed hwrng - kernel/git/stable/linux.git - Linux kernel stable tree (Patch)