
src-openEuler/kernel


CVE-2023-52989

In progress
CVE and security issue  Owner
Created 2025-03-28 02:05

1. Vulnerability information
Vulnerability ID: CVE-2023-52989
Affected component: kernel
Affected versions: 4.19.140, 4.19.194, 4.19.90, 5.10.0, 6.1.19, 6.4.0, 6.6.0
CVSS V3.0 score:
BaseScore: 5.5 Medium
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability summary:
In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region. This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The issue was fixed by a commit 281e20323ab7 ("firewire: core: fix use-after-free regression in FCP handler"). The object of payload is duplicated in kernel space for each listener. When the listener executes ioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to be released. However, it causes memory leak since the commit relies on call of release_request() in drivers/firewire/core-cdev.c. Against the expectation, the function is never called due to the design of release_client_resource(). The function delegates release task to caller when called with non-NULL fourth argument. The implementation of ioctl_send_response() is the case. It should release the object explicitly. This commit fixes the bug.
Vulnerability disclosure time: 2025-03-28 01:15:46
Vulnerability creation time: 2025-03-28 02:05:41
Vulnerability details reference link:
https://nvd.nist.gov/vuln/detail/CVE-2023-52989

More references
Reference source | Reference link | Source link
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52989 https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52989.mbox https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103 https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253 https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616 https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d https://bugzilla.suse.com/show_bug.cgi?id=1240266
suse_bugzilla https://www.cve.org/CVERecord?id=CVE-2023-52989 https://bugzilla.suse.com/show_bug.cgi?id=1240266
redhat_bugzilla https://lore.kernel.org/linux-cve-announce/2025032708-CVE-2023-52989-1b68@gregkh/T https://bugzilla.redhat.com/show_bug.cgi?id=2355483
debian https://security-tracker.debian.org/tracker/CVE-2023-52989
anolis https://anas.openanolis.cn/cves/detail/CVE-2023-52989

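Vulnerability analysis guide link:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
Vulnerability data source:
openBrain open-source vulnerability awareness system
Vulnerability patch information:

Details
Affected package | Fixed version | Fix patch | Issue-introducing patch | Source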
https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103 nvd
https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d nvd
https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253 nvd
https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e nvd
https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db nvd
https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616 nvd
https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee nvd
linux_kernel 4.14.306 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b2cd3947d116bb9ba7ff097b5fc747a8956764db Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 4.19.273 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=356ff89acdbe6a66019154bc7eb2d300f5b15103 Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 5.4.232 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=53785fd9b315583cf029e39f72b73d23704a2253 Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 5.10.168 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 5.15.93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 6.1.11 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c8bdc88216f09cb7387fedbdf613524367328616 Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves
linux_kernel 6.2 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=531390a243ef47448f8bad01c186c2787666bf4d Please https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=281e20323ab72180137824a298ee9e21e6f9acf6 linuxkernelcves

2. Vulnerability analysis structured feedback
Impact analysis:
In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region. This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The issue was fixed by a commit 281e20323ab7 ("firewire: core: fix use-after-free regression in FCP handler"). The object of payload is duplicated in kernel space for each listener. When the listener executes ioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to be released. However, it causes memory leak since the commit relies on call of release_request() in drivers/firewire/core-cdev.c. Against the expectation, the function is never called due to the design of release_client_resource(). The function delegates release task to caller when called with non-NULL fourth argument. The implementation of ioctl_send_response() is the case. It should release the object explicitly. This commit fixes the bug. The Linux kernel CVE team has assigned CVE-2023-52989 to this issue.
openEuler score:
3.9
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected version check (affected / not affected):
1. openEuler-20.03-LTS-SP4 (4.19.90): affected
2. master (6.6.0): not affected
3. openEuler-22.03-LTS-SP3 (5.10.0): not affected
4. openEuler-22.03-LTS-SP4 (5.10.0): not affected
5. openEuler-24.03-LTS (6.6.0): not affected
6. openEuler-24.03-LTS-Next (6.6.0): not affected
7. openEuler-24.03-LTS-SP1 (6.6.0): not affected
8. openEuler-24.03-LTS-SP2 (6.6.0):

Does the fix involve ABI changes (yes/no):
1. master (6.6.0): no
2. openEuler-20.03-LTS-SP4 (4.19.90): no
3. openEuler-22.03-LTS-SP3 (5.10.0): no
4. openEuler-22.03-LTS-SP4 (5.10.0): no
5. openEuler-24.03-LTS (6.6.0): no
6. openEuler-24.03-LTS-Next (6.6.0): no
7. openEuler-24.03-LTS-SP1 (6.6.0): no
8. openEuler-24.03-LTS-SP2 (6.6.0):

Reason:
1. openEuler-20.03-LTS-SP4 (4.19.90): normal fix
2. master (6.6.0): not affected - the vulnerable code cannot be triggered by an attacker
3. openEuler-22.03-LTS-SP3 (5.10.0): not affected - the vulnerable code cannot be triggered by an attacker
4. openEuler-22.03-LTS-SP4 (5.10.0): not affected - the vulnerable code cannot be triggered by an attacker
5. openEuler-24.03-LTS (6.6.0): not affected - the vulnerable code cannot be triggered by an attacker
6. openEuler-24.03-LTS-Next (6.6.0): not affected - the vulnerable code cannot be triggered by an attacker
7. openEuler-24.03-LTS-SP1 (6.6.0): not affected - the vulnerable code cannot be triggered by an attacker
8. openEuler-24.03-LTS-SP2 (6.6.0):
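
The ownership hand-off described in the vulnerability text, as an added user-space C model (not kernel code and not part of the original issue). The function names follow the description; the struct layouts, the four-slot table, `live_payloads`, `send_response()` and `leaked_after_response()` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* User-space model: names follow the CVE text, bodies are simplified assumptions. */
struct resource { void (*release)(struct resource *); void *data; /* payload copy */ };
typedef void (*release_fn)(struct resource *);
struct client { struct resource *table[4]; };
static int live_payloads;   /* payload copies not yet freed */

static void release_request(struct resource *r)
{
    free(r->data);
    live_payloads--;
    free(r);
}

/* Non-NULL fourth argument: the resource goes to the caller and release() is skipped. */
static int release_client_resource(struct client *c, unsigned handle,
                                   release_fn release, struct resource **return_resource)
{
    struct resource *r = handle < 4 ? c->table[handle] : NULL;
    if (!r || r->release != release) return -1;
    c->table[handle] = NULL;
    if (return_resource) *return_resource = r;  /* caller now owns r and r->data */
    else r->release(r);
    return 0;
}

/* Models ioctl_send_response() for an FCP request; explicit_free selects the fix. */
static int send_response(struct client *c, unsigned handle, int explicit_free)
{
    struct resource *r;
    if (release_client_resource(c, handle, release_request, &r) < 0) return -1;
    if (explicit_free) { free(r->data); live_payloads--; }
    free(r);                /* wrapper is freed on both paths in this model */
    return 0;
}

/* Payload copies still allocated after one listener responds (constructed payload). */
int leaked_after_response(int explicit_free)
{
    static const unsigned char fcp[] = { 0x01, 0xff, 0x00, 0x00 };
    struct resource *r = malloc(sizeof(*r));
    if (!r || !(r->data = malloc(sizeof(fcp)))) { free(r); return -1; }
    memcpy(r->data, fcp, sizeof(fcp));
    r->release = release_request;
    struct client c = { { r } };
    live_payloads = 1;
    send_response(&c, 0, explicit_free);
    return live_payloads;
}
int main(void) { return leaked_after_response(1); }
```

With `explicit_free` set to 0 one payload copy stays allocated per response, which is the leak; with 1 the count returns to zero.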

Comments (5)

openeuler-ci-bot created the CVE and security issue 1 month ago
openeuler-ci-bot added the CVE/UNFIXED label 1 month ago

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

openeuler-ci-bot added the sig/Kernel label 1 month ago
Reference URL | Related PR | Status | Patch link
https://nvd.nist.gov/vuln/detail/CVE-2023-52989 None None https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d
https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253
https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e
https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee
https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616
https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103
https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db
https://ubuntu.com/security/CVE-2023-52989 None None https://discourse.ubuntu.com/c/project
https://www.opencve.io/cve/CVE-2023-52989 None None https://git.kernel.org/stable/c/531390a243ef47448f8bad01c186c2787666bf4d
https://git.kernel.org/stable/c/53785fd9b315583cf029e39f72b73d23704a2253
https://git.kernel.org/stable/c/5f4543c9382ae2d5062f6aa4fecae0c9258d0b0e
https://git.kernel.org/stable/c/d5a2dcee53fa6e6e2822f93cb3f1b0cd23163bee
https://git.kernel.org/stable/c/c8bdc88216f09cb7387fedbdf613524367328616
https://git.kernel.org/stable/c/356ff89acdbe6a66019154bc7eb2d300f5b15103
https://git.kernel.org/stable/c/b2cd3947d116bb9ba7ff097b5fc747a8956764db
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-52989
https://security-tracker.debian.org/tracker/CVE-2023-52989
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2023-52989

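Note: the patch links are for preliminary triage only; please confirm manually that they are actually usable. The CVE patch tool can be used to download and verify patches.
If a patch is inaccurate, please comment '/report-patch reference-URL patch-link-1,patch-link-2' under this issue to report the correct information, which helps us keep improving the tool. Thank you.
For example: /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1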

openeuler-ci-bot modified the description 1 month ago

CVE-2023-52989

Impact analysis:
In the Linux kernel, the following vulnerability has been resolved:

firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region

This patch is fix for Linux kernel v2.6.33 or later.

For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem
have had an issue of use-after-free. The subsystem allows multiple
user space listeners to the region, while data of the payload was likely
released before the listeners execute read(2) to access to it for copying
to user space.

The issue was fixed by a commit 281e20323ab7 ("firewire: core: fix
use-after-free regression in FCP handler"). The object of payload is
duplicated in kernel space for each listener. When the listener executes
ioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to
be released.

However, it causes memory leak since the commit relies on call of
release_request() in drivers/firewire/core-cdev.c. Against the
expectation, the function is never called due to the design of
release_client_resource(). The function delegates release task
to caller when called with non-NULL fourth argument. The implementation
of ioctl_send_response() is the case. It should release the object
explicitly.

This commit fixes the bug.

The Linux kernel CVE team has assigned CVE-2023-52989 to this issue.

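openEuler score (score and vector):
3.9
AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected version check (affected / not affected):
1. master (6.1.0): not affected
2. openEuler-20.03-LTS-SP4: affected
3. openEuler-22.03-LTS-SP3: not affected
4. openEuler-22.03-LTS-SP4: not affected
5. openEuler-24.03-LTS: not affected
6. openEuler-24.03-LTS-Next: not affected
7. openEuler-24.03-LTS-SP1: not affected

Does the fix involve ABI changes (yes/no):
1. master (6.1.0): no
2. openEuler-20.03-LTS-SP4: no
3. openEuler-22.03-LTS-SP3: no
4. openEuler-22.03-LTS-SP4: no
5. openEuler-24.03-LTS: no
6. openEuler-24.03-LTS-Next: no
7. openEuler-24.03-LTS-SP1: no

Reason:
1. master (23.08.5): not affected - the vulnerable code cannot be triggered by an attacker
2. openEuler-20.03-LTS-SP4: normal fix
4. openEuler-22.03-LTS-SP3: not affected - the vulnerable code cannot be triggered by an attacker
5. openEuler-22.03-LTS-SP4: not affected - the vulnerable code cannot be triggered by an attacker
6. openEuler-24.03-LTS: not affected - the vulnerable code cannot be triggered by an attacker
7. openEuler-24.03-LTS-Next: not affected - the vulnerable code cannot be triggered by an attacker
8. openEuler-24.03-LTS-SP1: not affected - the vulnerable code cannot be triggered by an attacker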

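openeuler-ci-bot modified the description 1 month ago
openeuler-ci-bot changed the task status from To do to In progress 1 month ago
openeuler-ci-bot modified the description 25 days ago
openeuler-ci-bot modified the description 23 days ago
openeuler-ci-bot set the planned start date to 2025-03-28 23 days ago
openeuler-ci-bot set the planned due date to 2025-04-27 23 days ago
openeuler-ci-bot set the priority to Minor 23 days ago
openeuler-ci-bot modified the description 18 days ago
openeuler-ci-bot changed the planned start date from 2025-03-28 to 2025-04-10 3 days ago
openeuler-ci-bot changed the planned due date from 2025-04-27 to 2025-05-10 3 days ago
openeuler-ci-bot modified the description 11 hours ago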
