CVE-2023-52793

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52793
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

24 May 2024, 05:15

Type Values Removed Values Added
Summary (en) In the Linux kernel, the following vulnerability has been resolved: samples/bpf: syscall_tp_user: Fix array out-of-bound access Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sample") added two more eBPF programs to support the openat2() syscall. However, it did not increase the size of the array that holds the corresponding bpf_links. This leads to an out-of-bound access on that array in the bpf_object__for_each_program loop and could corrupt other variables on the stack. On our testing QEMU, it corrupts the map1_fds array and causes the sample to fail: # ./syscall_tp prog #0: map ids 4 5 verify map:4 val: 5 map_lookup failed: Bad file descriptor Dynamically allocate the array based on the number of programs reported by libbpf to prevent similar inconsistencies in the future (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
References
  • {'url': 'https://git.kernel.org/stable/c/61576b7a0f28f924da06bead92a39a6d9aa2404a', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/9220c3ef6fefbf18f24aeedb1142a642b3de0596', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://git.kernel.org/stable/c/de4825a444560f8cb78b03dda3ba873fab88bc4f', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

21 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-21 16:15

Updated : 2024-05-24 05:15

NVD link : CVE-2023-52793

Mitre link : CVE-2023-52793

CVE.ORG link : CVE-2023-52793

JSON object : View

Products Affected

No product.

CWE

No CWE.