CVE-2023-53362

Changes in VFIO caused a pseudo-device to be created as child of fsl-mc devices causing a crash [1] when trying to bind a fsl-mc device to VFIO. Fix this by checking the device type when enumerating fsl-mc child devices.

[1] Modules linked in: Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP CPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2 Hardware name: NXP Layerscape LX2160ARDB (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mcsendcommand+0x24/0x1f0 lr : dprcgetobjregion+0xfc/0x1c0 sp : ffff80000a88b900 x29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2 x26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000 x23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000 x20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001 x17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff x14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386 x11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012 x8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8 x2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80 Call trace: mcsendcommand+0x24/0x1f0 dprcgetobjregion+0xfc/0x1c0 fslmcdeviceadd+0x340/0x590 fslmcobjdeviceadd+0xd0/0xf8 dprcscanobjects+0x1c4/0x340 dprcscancontainer+0x38/0x60 vfiofslmcprobe+0x9c/0xf8 fslmcdriverprobe+0x24/0x70 reallyprobe+0xbc/0x2a8 _driverprobedevice+0x78/0xe0 devicedriverattach+0x30/0x68 bindstore+0xa8/0x130 drvattrstore+0x24/0x38 sysfskfwrite+0x44/0x60 kernfsfopwriteiter+0x128/0x1b8 vfswrite+0x334/0x448 ksyswrite+0x68/0xf0 _arm64syswrite+0x1c/0x28 invokesyscall+0x44/0x108 el0svccommon.constprop.1+0x94/0xf8 doel0svc+0x38/0xb0 el0svc+0x20/0x50 el0t64synchandler+0x98/0xc0 el0t64_sync+0x174/0x178 Code: aa0103f4 a9025bf5 d5384100 b9400801 (79401260) ---[ end trace 0000000000000000 ]---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3c28a76124b25882411f005924be73795b6ef078

Fixed

5bd9dc3e767edf582be483be8d6bbc7433bd4cf8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3c28a76124b25882411f005924be73795b6ef078

Fixed

8bdd5c21ec02835bd445d022f4c23195aff407d2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3c28a76124b25882411f005924be73795b6ef078

Fixed

303c9c63abb9390e906052863f82bb4e9824e5c0

Affected versions

v6.*

v6.0

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.2

v6.4.3

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "101033088838025560301681056649412494760",
                "197598890224616610949010410745494783869",
                "279673766919342076350112955351146153422",
                "262416680693599199337941320543269344263",
                "246069531071497756524637093869418245816",
                "66384889348002128537958163976294858291",
                "173775733402993991855947708481874387974"
            ]
        },
        "id": "CVE-2023-53362-b58a0185",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bd9dc3e767edf582be483be8d6bbc7433bd4cf8",
        "target": {
            "file": "drivers/bus/fsl-mc/dprc-driver.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "82617837442264092889144085866343020906",
            "length": 104.0
        },
        "id": "CVE-2023-53362-ccc7da9f",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bd9dc3e767edf582be483be8d6bbc7433bd4cf8",
        "target": {
            "file": "drivers/bus/fsl-mc/dprc-driver.c",
            "function": "__fsl_mc_device_remove"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "323993561318420783745541753094640673214",
            "length": 375.0
        },
        "id": "CVE-2023-53362-e9db86d1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5bd9dc3e767edf582be483be8d6bbc7433bd4cf8",
        "target": {
            "file": "drivers/bus/fsl-mc/dprc-driver.c",
            "function": "__fsl_mc_device_remove_if_not_in_mc"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.1.0

Fixed

6.1.39

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.4