CVE-2023-52797

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52797
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52797.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52797
Published
2024-05-21T15:31:10Z
Modified
2025-10-21T14:47:33.328104Z
Summary
drivers: perf: Check find_first_bit() return value
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: perf: Check find_first_bit() return value

We must check the return value of find_first_bit() before using the return value as an index array since it happens to overflow the array and then panic:

[ 107.318430] Kernel BUG [#1]
[ 107.319434] CPU: 3 PID: 1238 Comm: kill Tainted: G E 6.6.0-rc6ubuntu-defconfig #2
[ 107.319465] Hardware name: riscv-virtio,qemu (DT)
[ 107.319551] epc : pmu_sbi_ovf_handler+0x3a4/0x3ae
[ 107.319840] ra : pmu_sbi_ovf_handler+0x52/0x3ae
[ 107.319868] epc : ffffffff80a0a77c ra : ffffffff80a0a42a sp : ffffaf83fecda350
[ 107.319884] gp : ffffffff823961a8 tp : ffffaf8083db1dc0 t0 : ffffaf83fecda480
[ 107.319899] t1 : ffffffff80cafe62 t2 : 000000000000ff00 s0 : ffffaf83fecda520
[ 107.319921] s1 : ffffaf83fecda380 a0 : 00000018fca29df0 a1 : ffffffffffffffff
[ 107.319936] a2 : 0000000001073734 a3 : 0000000000000004 a4 : 0000000000000000
[ 107.319951] a5 : 0000000000000040 a6 : 000000001d1c8774 a7 : 0000000000504d55
[ 107.319965] s2 : ffffffff82451f10 s3 : ffffffff82724e70 s4 : 000000000000003f
[ 107.319980] s5 : 0000000000000011 s6 : ffffaf8083db27c0 s7 : 0000000000000000
[ 107.319995] s8 : 0000000000000001 s9 : 00007fffb45d6558 s10: 00007fffb45d81a0
[ 107.320009] s11: ffffaf7ffff60000 t3 : 0000000000000004 t4 : 0000000000000000
[ 107.320023] t5 : ffffaf7f80000000 t6 : ffffaf8000000000
[ 107.320037] status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
[ 107.320081] [<ffffffff80a0a77c>] pmu_sbi_ovf_handler+0x3a4/0x3ae
[ 107.320112] [<ffffffff800b42d0>] handle_percpu_devid_irq+0x9e/0x1a0
[ 107.320131] [<ffffffff800ad92c>] generic_handle_domain_irq+0x28/0x36
[ 107.320148] [<ffffffff8065f9f8>] riscv_intc_irq+0x36/0x4e
[ 107.320166] [<ffffffff80caf4a0>] handle_riscv_irq+0x54/0x86
[ 107.320189] [<ffffffff80cb0036>] do_irq+0x64/0x96
[ 107.320271] Code: 85a6 855e b097 ff7f 80e7 9220 b709 9002 4501 bbd9 (9002) 6097
[ 107.320585] ---[ end trace 0000000000000000 ]---
[ 107.320704] Kernel panic - not syncing: Fatal exception in interrupt
[ 107.320775] SMP: stopping secondary CPUs
[ 107.321219] Kernel Offset: 0x0 from 0xffffffff80000000
[ 107.333051] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98
Fixed
2c86b24095fcf72cf51bc72d12e4350163b4e11d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98
Fixed
45a0de41ec383c8b7c6d442734ba3852dd2fc4a7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98
Fixed
c6e316ac05532febb0c966fa9b55f5258ed037be

Affected versions

v5.*

v5.17
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.12
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.2

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c86b24095fcf72cf51bc72d12e4350163b4e11d",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-1a5eb098",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137146871982591363136183644124729676029",
                "133811431853888791017457405425434528465",
                "188830142182494154452050481161273713790",
                "81708762196654442177581620815080353990"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45a0de41ec383c8b7c6d442734ba3852dd2fc4a7",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-86011180",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137146871982591363136183644124729676029",
                "133811431853888791017457405425434528465",
                "188830142182494154452050481161273713790",
                "81708762196654442177581620815080353990"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45a0de41ec383c8b7c6d442734ba3852dd2fc4a7",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "pmu_sbi_ovf_handler",
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-b9c2bb52",
        "signature_type": "Function",
        "digest": {
            "length": 1230.0,
            "function_hash": "3346282980288123892921621368487969833"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2c86b24095fcf72cf51bc72d12e4350163b4e11d",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "pmu_sbi_ovf_handler",
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-bacbba92",
        "signature_type": "Function",
        "digest": {
            "length": 1230.0,
            "function_hash": "3346282980288123892921621368487969833"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6e316ac05532febb0c966fa9b55f5258ed037be",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "pmu_sbi_ovf_handler",
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-d7ca4b3e",
        "signature_type": "Function",
        "digest": {
            "length": 1230.0,
            "function_hash": "3346282980288123892921621368487969833"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c6e316ac05532febb0c966fa9b55f5258ed037be",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/perf/riscv_pmu_sbi.c"
        },
        "id": "CVE-2023-52797-fadf5730",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "137146871982591363136183644124729676029",
                "133811431853888791017457405425434528465",
                "188830142182494154452050481161273713790",
                "81708762196654442177581620815080353990"
            ]
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.5.13
Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.3