In the Linux kernel, the following vulnerability has been resolved:
iommufd: Fix missing update of domainsitree after splitting ioptarea
In ioptareasplit(), if the original ioptarea has filled a domain and is linked to domainsitree, pagesnodes have to be properly reinserted. Otherwise the domainsitree becomes corrupted and we will UAF.
{ "vanir_signatures": [ { "id": "CVE-2023-52801-27821468", "signature_type": "Function", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c", "function": "iopt_area_split" }, "signature_version": "v1", "digest": { "length": 1766.0, "function_hash": "117399328622320694808815290011580524681" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fcb32111f01ddf3cbd04644cde1773428e31de6a" }, { "id": "CVE-2023-52801-7e3797a4", "signature_type": "Line", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "159053829131172892219887914087605477312", "208419378661588398480359131438047768795", "65978723469241420189220006589546250840" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@836db2e7e4565d8218923b3552304a1637e2f28d" }, { "id": "CVE-2023-52801-7f1b22a5", "signature_type": "Function", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c", "function": "iopt_area_split" }, "signature_version": "v1", "digest": { "length": 1846.0, "function_hash": "36286984632937619884566745855128326976" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7250ab7ca4998fe026f2149805b03e09dc32498" }, { "id": "CVE-2023-52801-914c626a", "signature_type": "Line", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "159053829131172892219887914087605477312", "208419378661588398480359131438047768795", "65978723469241420189220006589546250840" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fcb32111f01ddf3cbd04644cde1773428e31de6a" }, { "id": "CVE-2023-52801-996f2e70", "signature_type": "Line", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "159053829131172892219887914087605477312", "208419378661588398480359131438047768795", "65978723469241420189220006589546250840" ], "threshold": 0.9 }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e7250ab7ca4998fe026f2149805b03e09dc32498" }, { "id": "CVE-2023-52801-f0c1a138", "signature_type": "Function", "target": { "file": "drivers/iommu/iommufd/io_pagetable.c", "function": "iopt_area_split" }, "signature_version": "v1", "digest": { "length": 1766.0, "function_hash": "117399328622320694808815290011580524681" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@836db2e7e4565d8218923b3552304a1637e2f28d" } ] }