CVE-2023-53326

Source
https://cve.org/CVERecord?id=CVE-2023-53326
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53326.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53326
Published
2025-09-16T16:12:01.464Z
Modified
2026-04-02T09:44:00.358181Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
powerpc: Don't try to copy PPR for task with NULL pt_regs
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc: Don't try to copy PPR for task with NULL pt_regs

powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly done for other archs. This is fine, except when PF_IO_WORKER's have been created and the task does something that causes a coredump to be generated. Then we get this crash:

Kernel attempted to read user page (160) - exploit attempt? (uid: 1000)
BUG: Kernel NULL pointer dereference on read at 0x00000160
Faulting instruction address: 0xc0000000000c3a60
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=32 NUMA pSeries
Modules linked in: bochs drm_vram_helper drm_kms_helper xts binfmt_misc ecb ctr syscopyarea sysfillrect cbc sysimgblt drm_ttm_helper aes_generic ttm sg libaes evdev joydev virtio_balloon vmx_crypto gf128mul drm dm_mod fuse loop configfs drm_panel_orientation_quirks ip_tables x_tables autofs4 hid_generic usbhid hid xhci_pci xhci_hcd usbcore usb_common sd_mod
CPU: 1 PID: 1982 Comm: ppc-crash Not tainted 6.3.0-rc2+ #88
Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries
NIP: c0000000000c3a60 LR: c000000000039944 CTR: c0000000000398e0
REGS: c0000000041833b0 TRAP: 0300 Not tainted (6.3.0-rc2+)
MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 88082828 XER: 200400f8
...
NIP memcpy_power7+0x200/0x7d0
LR ppr_get+0x64/0xb0
Call Trace:
ppr_get+0x40/0xb0 (unreliable)
__regset_get+0x180/0x1f0
regset_get_alloc+0x64/0x90
elf_core_dump+0xb98/0x1b60
do_coredump+0x1c34/0x24a0
get_signal+0x71c/0x1410
do_notify_resume+0x140/0x6f0
interrupt_exit_user_prepare_main+0x29c/0x320
interrupt_exit_user_prepare+0x6c/0xa0
interrupt_return_srr_user+0x8/0x138

Because ppr_get() is trying to copy from a PF_IO_WORKER with a NULL pt_regs.

Check for a valid pt_regs in both ppr_get/ppr_set, and return an error if not set. The actual error value doesn't seem to be important here, so just pick -EINVAL.

[mpe: Trim oops in change log, add Fixes & Cc stable]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53326.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fa439810cc1b3c927ec24ede17d02467e1b143a1
Fixed
80a4200d51e5a7e046f4a90f5faa5bafd5a60c58
Fixed
7624973bc15b76d000e8e6f9b8080fcb76d36595
Fixed
064a1c7b0f8403260d77627e62424a72ca26cee2
Fixed
01849382373b867ddcbe7536b9dfa89f3bcea60e
Fixed
fd7276189450110ed835eb0a334e62d2f1c4e3be

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53326.json"