CVE-2023-53555

damosnewfilter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMONRECLAIM are not initializing it after calling damosnewfilter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field just after the allocation from damosnew_filter().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53555.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

98def236f63c66629fb6b2d4b69cecffc5b46539

Fixed

da7beebb49c643cd03c54447ed66595936a7a1ce

Fixed

5f1fc67f2cb8d3035d3acd273b48b97835af8afd

Affected versions

v6.*

v6.2

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.10

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-53555-0bd23e1a",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "333204633282835700776082759037332123634",
                "258300320769972875071411766950632363230",
                "281533989091579474637725715434989482703",
                "224013116734930390264457804952712245149"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "mm/damon/core.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f1fc67f2cb8d3035d3acd273b48b97835af8afd",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53555-26616fc5",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "333204633282835700776082759037332123634",
                "258300320769972875071411766950632363230",
                "281533989091579474637725715434989482703",
                "224013116734930390264457804952712245149"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "mm/damon/core.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da7beebb49c643cd03c54447ed66595936a7a1ce",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53555-92a31cde",
        "deprecated": false,
        "digest": {
            "function_hash": "109660719648823488279834692911282776058",
            "length": 201.0
        },
        "signature_version": "v1",
        "target": {
            "function": "damos_new_filter",
            "file": "mm/damon/core.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f1fc67f2cb8d3035d3acd273b48b97835af8afd",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53555-b639d497",
        "deprecated": false,
        "digest": {
            "function_hash": "109660719648823488279834692911282776058",
            "length": 201.0
        },
        "signature_version": "v1",
        "target": {
            "function": "damos_new_filter",
            "file": "mm/damon/core.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da7beebb49c643cd03c54447ed66595936a7a1ce",
        "signature_type": "Function"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53555.json"

Git / github.com/gregkh/linux