CVE-2023-52813: crypto: pcrypt - Fix hungtask for PADATA_RESET

Published May 21, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix hungtask for PADATARESET

The Linux kernel CVE team has assigned CVE-2023-52813 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052103-CVE-2023-52813-0704@gregkh/T

Other sources

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix hungtask for PADATARESET

We found a hungtask bug in testaeadveccfg as follows:

INFO: task cryptomgrtest:391009 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hungtasktimeoutsecs" disables this message. Call trace: switchto+0x98/0xe0 schedule+0x6c4/0xf40 schedule+0xd8/0x1b4 scheduletimeout+0x474/0x560 waitforcommon+0x368/0x4e0 waitforcompletion+0x20/0x30 waitforcompletion+0x20/0x30 testaeadveccfg+0xab4/0xd50 testaead+0x144/0x1f0 algtestaead+0xd8/0x1e0 algtest+0x634/0x890 cryptomgrtest+0x40/0x70 kthread+0x1e0/0x220 retfromfork+0x10/0x18 Kernel panic - not syncing: hungtask: blocked tasks

For padatadoparallel, when the return err is 0 or -EBUSY, it will call waitforcompletion(&wait->completion) in testaeadveccfg. In normal case, aeadrequestcomplete() will be called in pcryptaeadserial and the return err is 0 for padatadoparallel. But, when pinst->flags is PADATARESET, the return err is -EBUSY for padatadoparallel, and it won't call aeadrequestcomplete(). Therefore, testaeadveccfg will hung at waitforcompletion(&wait->completion), which will cause hungtask.

The problem comes as following: (padatadoparallel) | rcureadlockbh(); | err = -EINVAL; | (padatareplace) | pinst->flags |= PADATARESET; err = -EBUSY | if (pinst->flags & PADATARESET) | rcureadunlockbh() | return err

In order to resolve the problem, we replace the return err -EBUSY with -EAGAIN, which means paralleldata is changing, and the caller should call it again.

v3: remove retry and just change the return err. v2: introduce padatatrydoparallel() in pcryptaeadencrypt and pcryptaeaddecrypt to solve the hungtask.

NVD

Affected Software

21 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
redhat/kernel<4.14.331
4.14.331
redhat/kernel<4.19.300
4.19.300
redhat/kernel<5.4.262
5.4.262
redhat/kernel<5.10.202
5.10.202
redhat/kernel<5.15.140
5.15.140
redhat/kernel<6.1.64
6.1.64
redhat/kernel<6.5.13
6.5.13
redhat/kernel<6.6.3
6.6.3
redhat/kernel<6.7
6.7
Linux Linux kernel>=2.6.34<4.14.331
Linux Linux kernel>=4.15<4.19.300
Linux Linux kernel>=4.20<5.4.262
Linux Linux kernel>=5.5<5.10.202
Linux Linux kernel>=5.11<5.15.140
Linux Linux kernel>=5.16<6.1.64
Linux Linux kernel>=6.2<6.5.13
Linux Linux kernel>=6.6<6.6.3

Remediation

Patch Available

https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0

Patch Available

https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28

Patch Available

https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316

Patch Available

https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523

Patch Available

https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e

Patch Available

https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7

Patch Available

https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf

Patch Available

https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d

Patch Available

https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818

Event History

May 21, 2024
CVE Published
via MITRE·03:31 PM
Data Sourced
via MITRE·03:31 PM
Description
Data Sourced
via NVD·04:15 PM
RemedyDescriptionSeverityAffected Software
May 22, 2024
Data Sourced
via Red Hat·05:42 PM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52813?

CVE-2023-52813 has been classified with a medium severity level due to the potential impact on system stability.

2

How do I fix CVE-2023-52813?

To resolve CVE-2023-52813, upgrade the Linux kernel to a version greater than or equal to the recommended patched versions listed in the advisory.

3

What systems are affected by CVE-2023-52813?

CVE-2023-52813 affects several Red Hat kernel versions and IBM Security Verify Governance products up to specific versions.

4

Is there a workaround for CVE-2023-52813?

There are no known workarounds for CVE-2023-52813, and applying the appropriate patches is the recommended course of action.

5

When was CVE-2023-52813 disclosed?

CVE-2023-52813 was disclosed as part of an advisory from the Linux kernel CVE team.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203