CVE-2023-52942

It was found that the check to see if a partition could use up all the cpus from the parent cpuset in updateparentsubparts_cpumask() was incorrect. As a result, it is possible to leave parent with no effective cpu left even if there are tasks in the parent cpuset. This can lead to system panic as reported in [1].

Fix this probem by updating the check to fail the enabling the partition if parent's effectivecpus is a subset of the child's cpusallowed.

Also record the error code when an error happens in update_prstate() and add a test case where parent partition and child have the same cpu list and parent has task. Enabling partition in the child will fail in this case.

[1] https://www.spinics.net/lists/cgroups/msg36254.html

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52942.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f0af1bfc27b52a4d42510051154c61bd176a8f06

Fixed

a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f

Fixed

e5ae8803847b80fe9d744a3174abe2b7bfed222a

Affected versions

v6.*

v6.0

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-52942-129e8b1e",
        "signature_version": "v1",
        "digest": {
            "function_hash": "220934940524380146311611885798616738441",
            "length": 3668.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f",
        "signature_type": "Function",
        "target": {
            "file": "kernel/cgroup/cpuset.c",
            "function": "update_parent_subparts_cpumask"
        }
    },
    {
        "id": "CVE-2023-52942-56dbd949",
        "signature_version": "v1",
        "digest": {
            "function_hash": "320182865802910136823574401269873870778",
            "length": 1742.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5ae8803847b80fe9d744a3174abe2b7bfed222a",
        "signature_type": "Function",
        "target": {
            "file": "kernel/cgroup/cpuset.c",
            "function": "update_prstate"
        }
    },
    {
        "id": "CVE-2023-52942-60e75a79",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "104583713207094846154222370717857880246",
                "248713050108802691039960750338948857446",
                "294687124816757997705729974870319798032",
                "330439391348821166163923890554261410262",
                "155783158267571015306112509673114832457",
                "32546609468358978000579437651990335540",
                "117823275184060319878914431275586544537",
                "124960774531218488558673946448516041170"
            ]
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f",
        "signature_type": "Line",
        "target": {
            "file": "kernel/cgroup/cpuset.c"
        }
    },
    {
        "id": "CVE-2023-52942-6db872ca",
        "signature_version": "v1",
        "digest": {
            "function_hash": "220934940524380146311611885798616738441",
            "length": 3668.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5ae8803847b80fe9d744a3174abe2b7bfed222a",
        "signature_type": "Function",
        "target": {
            "file": "kernel/cgroup/cpuset.c",
            "function": "update_parent_subparts_cpumask"
        }
    },
    {
        "id": "CVE-2023-52942-7920836e",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "104583713207094846154222370717857880246",
                "248713050108802691039960750338948857446",
                "294687124816757997705729974870319798032",
                "330439391348821166163923890554261410262",
                "155783158267571015306112509673114832457",
                "32546609468358978000579437651990335540",
                "117823275184060319878914431275586544537",
                "124960774531218488558673946448516041170"
            ]
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5ae8803847b80fe9d744a3174abe2b7bfed222a",
        "signature_type": "Line",
        "target": {
            "file": "kernel/cgroup/cpuset.c"
        }
    },
    {
        "id": "CVE-2023-52942-ecd782bc",
        "signature_version": "v1",
        "digest": {
            "function_hash": "320182865802910136823574401269873870778",
            "length": 1742.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2ab7f2cf5ef8f0c6212a246e681d1fe358cec1f",
        "signature_type": "Function",
        "target": {
            "file": "kernel/cgroup/cpuset.c",
            "function": "update_prstate"
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52942.json"

Git / github.com/gregkh/linux