CVE-2023-52455

{"id": "CVE-2023-52455", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-23T15:15:08.193", "references": [{"url": "https://git.kernel.org/stable/c/5e23e283910c9f30248732ae0770bcb0c9438abf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/98b8a550da83cc392a14298c4b3eaaf0332ae6ad", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bb57f6705960bebeb832142ce9abf43220c3eab1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5e23e283910c9f30248732ae0770bcb0c9438abf", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/98b8a550da83cc392a14298c4b3eaaf0332ae6ad", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/bb57f6705960bebeb832142ce9abf43220c3eab1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Don't reserve 0-length IOVA region\n\nWhen the bootloader/firmware doesn't setup the framebuffers, their\naddress and size are 0 in \"iommu-addresses\" property. If IOVA region is\nreserved with 0 length, then it ends up corrupting the IOVA rbtree with\nan entry which has pfn_hi < pfn_lo.\nIf we intend to use display driver in kernel without framebuffer then\nit's causing the display IOMMU mappings to fail as entire valid IOVA\nspace is reserved when address and length are passed as 0.\nAn ideal solution would be firmware removing the \"iommu-addresses\"\nproperty and corresponding \"memory-region\" if display is not present.\nBut the kernel should be able to handle this by checking for size of\nIOVA region and skipping the IOVA reservation if size is 0. Also, add\na warning if firmware is requesting 0-length IOVA region reservation."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: no reservar regi\u00f3n IOVA de longitud 0 Cuando el gestor de arranque/firmware no configura los framebuffers, su direcci\u00f3n y tama\u00f1o son 0 en la propiedad \"iommu-addresses\". Si la regi\u00f3n IOVA est\u00e1 reservada con una longitud de 0, termina corrompiendo el rbtree de IOVA con una entrada que tiene pfn_hi &lt; pfn_lo. Si pretendemos utilizar el controlador de pantalla en el kernel sin framebuffer, entonces las asignaciones IOMMU de pantalla fallar\u00e1n ya que se reserva todo el espacio IOVA v\u00e1lido cuando la direcci\u00f3n y la longitud se pasan como 0. Una soluci\u00f3n ideal ser\u00eda que el firmware elimine la propiedad \"iommu-addresses\". y la \"regi\u00f3n de memoria\" correspondiente si la pantalla no est\u00e1 presente. Pero el kernel deber\u00eda poder manejar esto verificando el tama\u00f1o de la regi\u00f3n IOVA y omitiendo la reserva de IOVA si el tama\u00f1o es 0. Adem\u00e1s, agregue una advertencia si el firmware solicita una reserva de regi\u00f3n IOVA de longitud 0."}], "lastModified": "2024-11-21T08:39:48.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723F5211-5C37-4F95-A4D3-FA6C2E6F914C", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}