CVE-2023-53856

When ofoverlayfdtapply() fails, the changeset may be partially applied, and the caller is still expected to call ofoverlay_remove() to clean up this partial state.

However, ofoverlayapply() calls ofresolvephandles() before initoverlaychangeset(). Hence if the overlay fails to apply due to an unresolved symbol, the overlaychangeset.cset.entries list is still uninitialized, and cleanup will crash with a NULL-pointer dereference in overlayremovalisok().

Fix this by moving the call to ofchangesetinit() from initoverlaychangeset() to ofoverlayfdt_apply(), where all other early initialization is done.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53856.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f948d6d8b792bb90041edc12eac35faf83030994

Fixed

01bb96ad38089f5cc6de7746dac13437d35eb1dc

Fixed

3fb210cd521c9efcb211e9f5ce40fc907200bf13

Fixed

be86241bf5d1efd16d8a7231c13b33459c5d755d

Fixed

c403c81b577a67fe9ec6a2e89d143256487be50f

Fixed

a9515ff4fb142b690a0d2b58782b15903b990dba

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53856.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

5.15.132

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.53

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.16

Type: ECOSYSTEM
Events: Introduced

6.5.0

Fixed

6.5.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53856.json"