In the Linux kernel, the following vulnerability has been resolved:
sysctl: Fix out of bounds access for empty sysctl registers
When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories.
The function registersysctlmountpoint now passes a ctltable of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register.
Make sure that the ctl_table has at least one element before testing for permanent emptiness.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52596.json"
}[
{
"digest": {
"function_hash": "13030975381535929140704745199424915605",
"length": 605.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
"id": "CVE-2023-52596-02c2af95",
"target": {
"function": "get_links",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "13030975381535929140704745199424915605",
"length": 605.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
"id": "CVE-2023-52596-13683935",
"target": {
"function": "get_links",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"line_hashes": [
"331205227813525748337449475577217144180",
"202362387178292020068925319666755021199",
"225029166757210277283604577720689002337",
"172286940978710546818091141344873937912",
"16032621808443415313783348230106002329",
"17199042881259572953803774662763916983",
"33060458492404124636602009380922270542",
"26906992715676139971118793963108332113",
"72046208143686113784618107656390036547",
"91150481204991021138829032858631434142",
"289065514686434675368869729466370063579"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
"id": "CVE-2023-52596-1b63c502",
"target": {
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"line_hashes": [
"331205227813525748337449475577217144180",
"202362387178292020068925319666755021199",
"225029166757210277283604577720689002337",
"172286940978710546818091141344873937912",
"16032621808443415313783348230106002329",
"17199042881259572953803774662763916983",
"33060458492404124636602009380922270542",
"26906992715676139971118793963108332113",
"72046208143686113784618107656390036547",
"91150481204991021138829032858631434142",
"289065514686434675368869729466370063579"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
"id": "CVE-2023-52596-42c01c27",
"target": {
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "99489623300237168435731014800083218473",
"length": 675.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
"id": "CVE-2023-52596-4650bfeb",
"target": {
"function": "insert_header",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "13030975381535929140704745199424915605",
"length": 605.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
"id": "CVE-2023-52596-473a904f",
"target": {
"function": "get_links",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "6000987126646564693909845850384480822",
"length": 97.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
"id": "CVE-2023-52596-8859265e",
"target": {
"function": "register_sysctl_mount_point",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "99489623300237168435731014800083218473",
"length": 675.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
"id": "CVE-2023-52596-afff5ea7",
"target": {
"function": "insert_header",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"line_hashes": [
"331205227813525748337449475577217144180",
"202362387178292020068925319666755021199",
"225029166757210277283604577720689002337",
"172286940978710546818091141344873937912",
"16032621808443415313783348230106002329",
"17199042881259572953803774662763916983",
"33060458492404124636602009380922270542",
"26906992715676139971118793963108332113",
"72046208143686113784618107656390036547",
"91150481204991021138829032858631434142",
"289065514686434675368869729466370063579"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
"id": "CVE-2023-52596-ca138a8f",
"target": {
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "6000987126646564693909845850384480822",
"length": 97.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@15893975e9e382f8294ea8d926f08dc2d8d39ede",
"id": "CVE-2023-52596-cd61f8e5",
"target": {
"function": "register_sysctl_mount_point",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "99489623300237168435731014800083218473",
"length": 675.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2ae7081bc10123b187e36a4f3a8e53768de31489",
"id": "CVE-2023-52596-e069903c",
"target": {
"function": "insert_header",
"file": "fs/proc/proc_sysctl.c"
}
},
{
"digest": {
"function_hash": "6000987126646564693909845850384480822",
"length": 97.0
},
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@315552310c7de92baea4e570967066569937a843",
"id": "CVE-2023-52596-f96476fb",
"target": {
"function": "register_sysctl_mount_point",
"file": "fs/proc/proc_sysctl.c"
}
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52596.json"