SB20240608204 - Improper locking in Linux kernel locking

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2023-52836)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389
• https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715
• https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5
• https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75
• https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3
• https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc
• https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c
• https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479
• https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7