Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2023-52434) (Multiple Advisories): kernel security, bug fix, and enhancement update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: (CVE-2023-52434) (Multiple Advisories): kernel security, bug fix, and enhancement update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
02/20/2024
Created
05/21/2024
Added
05/14/2024
Modified
05/28/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential OOBs in smb2_parse_contexts()

Validate offsets and lengths before dereferencing create contexts in

smb2_parse_contexts().

This fixes following oops when accessing invalid create contexts from

server:

BUG: unable to handle page fault for address: ffff8881178d8cc3

#PF: supervisor read access in kernel mode

#PF: error_code(0x0000) - not-present page

PGD 4a01067 P4D 4a01067 PUD 0

Oops: 0000 [#1] PREEMPT SMP NOPTI

CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1

Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS

rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014

RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]

Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00

00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7

7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00

RSP: 0018:ffffc900007939e0 EFLAGS: 00010216

RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90

RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000

RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000

R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000

R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22

FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)

knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0

PKRU: 55555554

Call Trace:

<TASK>

? __die+0x23/0x70

? page_fault_oops+0x181/0x480

? search_module_extables+0x19/0x60

? srso_alias_return_thunk+0x5/0xfbef5

? exc_page_fault+0x1b6/0x1c0

? asm_exc_page_fault+0x26/0x30

? smb2_parse_contexts+0xa0/0x3a0 [cifs]

SMB2_open+0x38d/0x5f0 [cifs]

? smb2_is_path_accessible+0x138/0x260 [cifs]

smb2_is_path_accessible+0x138/0x260 [cifs]

cifs_is_path_remote+0x8d/0x230 [cifs]

cifs_mount+0x7e/0x350 [cifs]

cifs_smb3_do_mount+0x128/0x780 [cifs]

smb3_get_tree+0xd9/0x290 [cifs]

vfs_get_tree+0x2c/0x100

? capable+0x37/0x70

path_mount+0x2d7/0xb80

? srso_alias_return_thunk+0x5/0xfbef5

? _raw_spin_unlock_irqrestore+0x44/0x60

__x64_sys_mount+0x11a/0x150

do_syscall_64+0x47/0xf0

entry_SYSCALL_64_after_hwframe+0x6f/0x77

RIP: 0033:0x7f8737657b1e

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;