CVE-2023-52615

Updated: 2024-12-12 23:34:34.180674

Description:

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Needs Triage 2024-11-12 12:09:57
AlmaLinux 9.2 FIPS kernel 5.14.0 5.5 MEDIUM Ignored 2024-07-02 14:25:26
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-07-02 14:25:26
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-07-02 14:25:26
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-07-09 05:15:28
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-07-09 05:15:29
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-07-03 10:07:31
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-07-02 14:25:26
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-07-02 17:22:44
Ubuntu 16.04 ELS linux 4.4.0 5.5 MEDIUM Released CLSA-2024:1716269479 2024-05-21 05:35:02
Total: 12