CVE-2023-52568
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52568
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52568.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52568
- Downstream
- Published
- 2024-03-02T21:59:39Z
- Modified
- 2025-10-14T06:51:16.497119Z
- Summary
- x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epcpage to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epcpage is only done for ELDU, not EAUG before being used.
Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU.
The SECS page holds global enclave metadata. It can only be reclaimed when there are no other enclave pages remaining. At that point, virtually nothing can be done with the enclave until the SECS page is paged back in.
An enclave can not run nor generate page faults without a resident SECS page. But it is still possible for a #PF for a non-SECS page to race with paging out the SECS page: when the last resident non-SECS page A triggers a #PF in a non-resident page B, and then page A and the SECS both are paged out before the #PF on B is handled.
Hitting this bug requires that race triggered with a #PF for EAUG. Following is a trace when it happens.
BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: 0010:sgxencleaugpage+0xc7/0x210 Call Trace: ? _kmemcacheallocnode+0x16a/0x440 ? xaload+0x6e/0xa0 sgxvmafault+0x119/0x230 _dofault+0x36/0x140 dofault+0x12f/0x400 _handlemmfault+0x728/0x1110 handlemmfault+0x105/0x310 douseraddrfault+0x1ee/0x750 ? _thiscpupreemptcheck+0x13/0x20 excpagefault+0x76/0x180 asmexcpagefault+0x27/0x30
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a90d2c3f5ef87717e54572af8426aba6fdbdaa6Fixed811ba2ef0cb6402672e64ba1419d6ef95aa3405d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a90d2c3f5ef87717e54572af8426aba6fdbdaa6Fixed1348f7f15d7c7798456856bee74a4235c2da994e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a90d2c3f5ef87717e54572af8426aba6fdbdaa6Fixedc6c2adcba50c2622ed25ba5d5e7f05f584711358
Affected versions
v5.*
v5.18
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.6-rc1
v6.6-rc2
Database specific
{
"vanir_signatures": [
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1348f7f15d7c7798456856bee74a4235c2da994e",
"signature_type": "Function",
"digest": {
"function_hash": "316216990217190657330451793883625926008",
"length": 499.0
},
"id": "CVE-2023-52568-09a129b6",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "__sgx_encl_load_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@811ba2ef0cb6402672e64ba1419d6ef95aa3405d",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297797391844715398032806905282524214114",
"162948716855478595772140997635580530243",
"35926965197313501575922877910956204278",
"192303223270365280990829779513150715207",
"99963795925731473839757219482317606269",
"143219514893602171888324874597442306747",
"249884743087210579851159236552476857512",
"327595816000547277727586752823642773173",
"2318756852965521005217395937397347152",
"67409239374015089916456198647682291410",
"198051555188845238849439150987125248095",
"140100817457118229531717029111928989322",
"26357909374015568976904906170365465918",
"273345055786714227804052858071040338957"
]
},
"id": "CVE-2023-52568-111caaf2",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1348f7f15d7c7798456856bee74a4235c2da994e",
"signature_type": "Function",
"digest": {
"function_hash": "96880869610542417473049407394445034060",
"length": 1748.0
},
"id": "CVE-2023-52568-37980c0b",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "sgx_encl_eaug_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6c2adcba50c2622ed25ba5d5e7f05f584711358",
"signature_type": "Function",
"digest": {
"function_hash": "96880869610542417473049407394445034060",
"length": 1748.0
},
"id": "CVE-2023-52568-3e3fd99e",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "sgx_encl_eaug_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@811ba2ef0cb6402672e64ba1419d6ef95aa3405d",
"signature_type": "Function",
"digest": {
"function_hash": "96880869610542417473049407394445034060",
"length": 1748.0
},
"id": "CVE-2023-52568-603637bc",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "sgx_encl_eaug_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6c2adcba50c2622ed25ba5d5e7f05f584711358",
"signature_type": "Function",
"digest": {
"function_hash": "316216990217190657330451793883625926008",
"length": 499.0
},
"id": "CVE-2023-52568-65306551",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "__sgx_encl_load_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6c2adcba50c2622ed25ba5d5e7f05f584711358",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297797391844715398032806905282524214114",
"162948716855478595772140997635580530243",
"35926965197313501575922877910956204278",
"192303223270365280990829779513150715207",
"99963795925731473839757219482317606269",
"143219514893602171888324874597442306747",
"249884743087210579851159236552476857512",
"327595816000547277727586752823642773173",
"2318756852965521005217395937397347152",
"67409239374015089916456198647682291410",
"198051555188845238849439150987125248095",
"140100817457118229531717029111928989322",
"26357909374015568976904906170365465918",
"273345055786714227804052858071040338957"
]
},
"id": "CVE-2023-52568-7bf84d31",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@811ba2ef0cb6402672e64ba1419d6ef95aa3405d",
"signature_type": "Function",
"digest": {
"function_hash": "316216990217190657330451793883625926008",
"length": 499.0
},
"id": "CVE-2023-52568-8e26538e",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c",
"function": "__sgx_encl_load_page"
},
"deprecated": false,
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1348f7f15d7c7798456856bee74a4235c2da994e",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"297797391844715398032806905282524214114",
"162948716855478595772140997635580530243",
"35926965197313501575922877910956204278",
"192303223270365280990829779513150715207",
"99963795925731473839757219482317606269",
"143219514893602171888324874597442306747",
"249884743087210579851159236552476857512",
"327595816000547277727586752823642773173",
"2318756852965521005217395937397347152",
"67409239374015089916456198647682291410",
"198051555188845238849439150987125248095",
"140100817457118229531717029111928989322",
"26357909374015568976904906170365465918",
"273345055786714227804052858071040338957"
]
},
"id": "CVE-2023-52568-e25e85c7",
"target": {
"file": "arch/x86/kernel/cpu/sgx/encl.c"
},
"deprecated": false,
"signature_version": "v1"
}
]
}