CVE-2023-52615: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
The Linux kernel CVE team has assigned CVE-2023-52615 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/20240318101458.2835626-10-lee@kernel.org/T
Other sources
There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks.
Fix this by using a stack buffer when calling copy_to_user.
— NVD
Frequently Asked Questions
What is the severity of CVE-2023-52615?
CVE-2023-52615 is classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2023-52615?
To fix CVE-2023-52615, upgrade to the patched versions of the Linux kernel: 4.19.308, 5.4.270, 5.10.211, 5.15.150, 6.1.77, 6.6.16, 6.7.4, or 6.8.
Which Linux kernel versions are affected by CVE-2023-52615?
CVE-2023-52615 affects Linux kernel versions from 2.6.33 up to but not including 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, and 6.8.
What type of vulnerability is CVE-2023-52615?
CVE-2023-52615 is a page fault deadlock vulnerability related to the hardware random number generator functionality in the Linux kernel.
Is there a workaround for CVE-2023-52615?
There is no specific workaround for CVE-2023-52615; updating to a secure version is the recommended mitigation.
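A version check an administrator can run against the patched releases listed in the fix answer above; this is an added example, not code from the advisory or the kernel project. The function name `hwrng_fix_status` and its result strings are made up for this example. It compares upstream version numbers only, so a distribution kernel that backports the fix without changing its upstream version is still reported as affected and needs to be checked against the vendor's advisory.

```sh
#!/bin/sh
# Added example: classify a kernel version string for CVE-2023-52615 using
# the patched releases this page lists. hwrng_fix_status is a made-up name.
hwrng_fix_status() (
    ver=${1%%[!0-9.]*}            # drop suffixes such as "-generic" or "-rc1"
    IFS=.
    set -- $ver
    major=${1:-} minor=${2:-} patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown; return 0
    fi
    # Before 2.6.33: outside the affected range given on the page.
    if [ "$major" -lt 2 ] ||
       { [ "$major" -eq 2 ] && [ "$minor" -lt 6 ]; } ||
       { [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$patch" -lt 33 ]; }; then
        echo not-affected; return 0
    fi
    # 6.8 and later contain the fix.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }; then
        echo patched; return 0
    fi
    # First patched point release of each stable branch listed on the page.
    case "$major.$minor" in
        4.19) fixed=308 ;;
        5.4)  fixed=270 ;;
        5.10) fixed=211 ;;
        5.15) fixed=150 ;;
        6.1)  fixed=77 ;;
        6.6)  fixed=16 ;;
        6.7)  fixed=4 ;;
        # In the affected range, but the page lists no patched release.
        *)    echo affected-no-listed-fix; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo affected
    fi
)

# Classify the version given as the first argument, or the running kernel.
hwrng_fix_status "${1:-$(uname -r)}"
```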