CVE-2023-52619: pstore/ram: Fix crash when setting number of cpus to an odd number
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Fix crash when setting number of cpus to an odd number
The Linux kernel CVE team has assigned CVE-2023-52619 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/20240318102117.2839904-9-lee@kernel.org/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Fix crash when setting number of cpus to an odd number
When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become:
    addr of zone0 = BASE
    addr of zone1 = BASE + zone_size
    addr of zone2 = BASE + zone_size*2
    ...
The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va.
So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug.
— NVD
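The arithmetic in the description above, worked through as an added example (this is not the kernel's code and not part of the advisory). It assumes the reserved region is divided evenly into one zone per CPU; `zone_size`, `misaligned_zones`, the base address and the region size are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Same rounding the kernel's ALIGN_DOWN() performs for a power-of-two alignment. */
#define ALIGN_DOWN_POW2(x, a) ((x) & ~((uint64_t)(a) - 1))

/* Split mem_sz bytes into cnt equal zones (assumed layout).
 * fixed != 0 applies the rounding the fix describes: force an even size. */
static uint64_t zone_size(uint64_t mem_sz, unsigned int cnt, int fixed)
{
    uint64_t zone_sz = mem_sz / cnt;

    return fixed ? ALIGN_DOWN_POW2(zone_sz, 2) : zone_sz;
}

/* Count zones whose start address, base + i * zone_sz, is odd. */
static unsigned int misaligned_zones(uint64_t base, uint64_t mem_sz,
                                     unsigned int cnt, int fixed)
{
    uint64_t zone_sz = zone_size(mem_sz, cnt, fixed);
    unsigned int i, bad = 0;

    for (i = 0; i < cnt; i++)
        if ((base + (uint64_t)i * zone_sz) & 1)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample values: a 256 KiB region at an aligned base. */
    const uint64_t base = 0x90000000ULL, mem_sz = 0x40000;
    unsigned int cpus;

    for (cpus = 6; cpus <= 8; cpus++)
        printf("cpus=%u unfixed: size=%llu odd-addr zones=%u | "
               "fixed: size=%llu odd-addr zones=%u\n", cpus,
               (unsigned long long)zone_size(mem_sz, cpus, 0),
               misaligned_zones(base, mem_sz, cpus, 0),
               (unsigned long long)zone_size(mem_sz, cpus, 1),
               misaligned_zones(base, mem_sz, cpus, 1));
    return 0;
}
```

With 7 zones the unrounded size is odd, so every odd-numbered zone starts at an odd address; rounding the size down to an even value removes all of them at the cost of at most one byte per zone.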
Frequently Asked Questions
What is the severity of CVE-2023-52619?
CVE-2023-52619 is categorized as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2023-52619?
To fix CVE-2023-52619, upgrade your Linux kernel to version 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, or 6.8, or later.
What systems are affected by CVE-2023-52619?
CVE-2023-52619 affects multiple versions of the Linux kernel, specifically various packages under Red Hat and Debian.
What specific issue does CVE-2023-52619 address?
CVE-2023-52619 addresses a crash issue occurring in the pstore/ram component when setting an odd number of CPUs.
Is there a workaround for CVE-2023-52619?
There are no known workarounds for CVE-2023-52619, and the recommended action is to update the kernel.