AZL-67548

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67548.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-67548
Upstream
Published
2024-05-21T16:15:12Z
Modified
2026-04-01T05:21:14.777062Z
Summary
CVE-2023-52700 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel warning when sending SYN message

When sending a SYN message, this kernel stack trace is observed:

... [ 13.396352] RIP: 0010:copyfrom_iter+0xb4/0x550 ... [ 13.398494] Call Trace: [ 13.398630] <TASK> [ 13.398630] ? __allocskb+0xed/0x1a0 [ 13.398630] tipcmsgbuild+0x12c/0x670 [tipc] [ 13.398630] ? shmemaddtopage_cache.isra.71+0x151/0x290 [ 13.398630] __tipcsendmsg+0x2d1/0x710 [tipc] [ 13.398630] ? tipcconnect+0x1d9/0x230 [tipc] [ 13.398630] ? __localbhenableip+0x37/0x80 [ 13.398630] tipcconnect+0x1d9/0x230 [tipc] [ 13.398630] ? __sys_connect+0x9f/0xd0 [ 13.398630] __sysconnect+0x9f/0xd0 [ 13.398630] ? preemptcountadd+0x4d/0xa0 [ 13.398630] ? fpregsassertstateconsistent+0x22/0x50 [ 13.398630] __x64sysconnect+0x16/0x20 [ 13.398630] dosyscall64+0x42/0x90 [ 13.398630] entrySYSCALL64afterhwframe+0x63/0xcd

It is because commit a41dad905e5a ("iov_iter: saner checks for attempt to copy to/from iterator") has introduced sanity check for copying from/to iov iterator. Lacking of copy direction from the iterator viewpoint would lead to kernel stack trace like above.

This commit fixes this issue by initializing the iov iterator with the correct copy direction when sending SYN or ACK without data.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67548.json"