CVE-2023-52699
"Linux Kernel SysV Filesystem Deadlock and sb_bread() Pointer Lock Vulnerability"
Description
In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).
INFO
Published Date :
May 19, 2024, 11:15 a.m.
Last Modified :
April 4, 2025, 2:24 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
Yes !
Impact Score :
1.4
Exploitability Score :
3.9
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-52699.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-52699 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-52699 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Apr. 04, 2025
Action Type Old Value New Value Added CWE CWE-667 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.215 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.27 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.274 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.6 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.86 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.155 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.312 Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* Added Reference Type CVE: https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3 Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e Types: Patch Added Reference Type CVE: https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927 Types: Patch Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Types: Mailing List, Third Party Advisory Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Types: Mailing List, Third Party Advisory -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 Added Reference https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f Added Reference https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09 Added Reference https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1 Added Reference https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac Added Reference https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3 Added Reference https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e Added Reference https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927 Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 06, 2024
Action Type Old Value New Value Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 04, 2024
Action Type Old Value New Value Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 27, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 25, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 29, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 19, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock). Added Reference kernel.org https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-52699 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-52699
weaknesses.