CVE-2023-52596

When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories.

The function registersysctlmountpoint now passes a ctltable of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register.

Make sure that the ctl_table has at least one element before testing for permanent emptiness.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52596.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9edbfe92a0a1355bae1e47c8f542ac0d39f19f8c

Fixed

15893975e9e382f8294ea8d926f08dc2d8d39ede

Fixed

2ae7081bc10123b187e36a4f3a8e53768de31489

Fixed

315552310c7de92baea4e570967066569937a843

Affected versions

v6.*

v6.5

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.7.1

v6.7.2

v6.7.3

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "13030975381535929140704745199424915605",
            "length": 605.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "id": "CVE-2023-52596-02c2af95",
        "target": {
            "function": "get_links",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "13030975381535929140704745199424915605",
            "length": 605.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
        "id": "CVE-2023-52596-13683935",
        "target": {
            "function": "get_links",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "331205227813525748337449475577217144180",
                "202362387178292020068925319666755021199",
                "225029166757210277283604577720689002337",
                "172286940978710546818091141344873937912",
                "16032621808443415313783348230106002329",
                "17199042881259572953803774662763916983",
                "33060458492404124636602009380922270542",
                "26906992715676139971118793963108332113",
                "72046208143686113784618107656390036547",
                "91150481204991021138829032858631434142",
                "289065514686434675368869729466370063579"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
        "id": "CVE-2023-52596-1b63c502",
        "target": {
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "331205227813525748337449475577217144180",
                "202362387178292020068925319666755021199",
                "225029166757210277283604577720689002337",
                "172286940978710546818091141344873937912",
                "16032621808443415313783348230106002329",
                "17199042881259572953803774662763916983",
                "33060458492404124636602009380922270542",
                "26906992715676139971118793963108332113",
                "72046208143686113784618107656390036547",
                "91150481204991021138829032858631434142",
                "289065514686434675368869729466370063579"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "id": "CVE-2023-52596-42c01c27",
        "target": {
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "99489623300237168435731014800083218473",
            "length": 675.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
        "id": "CVE-2023-52596-4650bfeb",
        "target": {
            "function": "insert_header",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "13030975381535929140704745199424915605",
            "length": 605.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
        "id": "CVE-2023-52596-473a904f",
        "target": {
            "function": "get_links",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "6000987126646564693909845850384480822",
            "length": 97.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
        "id": "CVE-2023-52596-8859265e",
        "target": {
            "function": "register_sysctl_mount_point",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "99489623300237168435731014800083218473",
            "length": 675.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "id": "CVE-2023-52596-afff5ea7",
        "target": {
            "function": "insert_header",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "331205227813525748337449475577217144180",
                "202362387178292020068925319666755021199",
                "225029166757210277283604577720689002337",
                "172286940978710546818091141344873937912",
                "16032621808443415313783348230106002329",
                "17199042881259572953803774662763916983",
                "33060458492404124636602009380922270542",
                "26906992715676139971118793963108332113",
                "72046208143686113784618107656390036547",
                "91150481204991021138829032858631434142",
                "289065514686434675368869729466370063579"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
        "id": "CVE-2023-52596-ca138a8f",
        "target": {
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "6000987126646564693909845850384480822",
            "length": 97.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
        "id": "CVE-2023-52596-cd61f8e5",
        "target": {
            "function": "register_sysctl_mount_point",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "99489623300237168435731014800083218473",
            "length": 675.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
        "id": "CVE-2023-52596-e069903c",
        "target": {
            "function": "insert_header",
            "file": "fs/proc/proc_sysctl.c"
        }
    },
    {
        "digest": {
            "function_hash": "6000987126646564693909845850384480822",
            "length": 97.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
        "id": "CVE-2023-52596-f96476fb",
        "target": {
            "function": "register_sysctl_mount_point",
            "file": "fs/proc/proc_sysctl.c"
        }
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52596.json"

Git / github.com/gregkh/linux