The Linux kernel is known for its robust and secure design, but that doesn't mean it's immune to the occasional vulnerability. Recently, developers have identified and resolved a crucial vulnerability (CVE-2023-52652) in the Linux kernel's Non-Transparent Bridge (NTB) subsystem. This vulnerability, which was present in the ntb_register_device() function, could potentially lead to a name leak and cause unintended consequences.

In this long read, we will dive deeper into the vulnerability, the code snippet that caused the issue, and how developers have addressed it to provide better security. We will also provide links to relevant sources and detailed information about the exploit.

Vulnerability Details:

The issue lies in the Linux kernel's ntb_register_device() function, specifically when the device_register() function fails. In this situation, the device name allocated by the dev_set_name() function should be freed. However, due to a missing call to put_device(), this was not happening.

Developers resolved this by calling put_device() in the error path, so that the reference taken by device_register() is dropped and the name is freed in kobject_cleanup(), preventing the leak. As a result of this change, the earlier put_device() call in the error path of ntb_register_device() was removed and the actual error code is now returned to the caller.

Here's the original code snippet that caused the issue:

...
if (device_register(&ntb->pdev->dev)) {
    dev_err(&ntb->pdev->dev, "Failed to register device\n");
    ntb_tool_remove(ntb);
    return PTR_ERR(&ntb->pdev->dev); // Incorrect return value
}
...

The new, patched code snippet resolving the issue is as follows:

...
ret = device_register(&ntb->pdev->dev);
if (ret) {
    dev_err(&ntb->pdev->dev, "Failed to register device\n");
    ntb_tool_remove(ntb);
    put_device(&ntb->pdev->dev); // Drop the reference; kobject_cleanup() frees the name
    return ret; // Return the actual error code
}
...

Exploit Details:

While the vulnerability results in a leaked device name (a kernel allocation that is never freed on the error path), exploiting it does not appear to be straightforward, and no known exploits currently target this issue. As a preventive measure, users and system administrators should apply the relevant kernel patches and updates as soon as possible.

In conclusion, the Linux kernel developers identified and effectively resolved the NTB name leak vulnerability (CVE-2023-52652) in the ntb_register_device() function. Patching the kernel will ensure that affected systems are not left open to potential exploitation of this vulnerability. Always ensure that your Linux installations are up-to-date and secured with the latest patches to minimize security risks.

Timeline

Published on: 05/01/2024 13:15:48 UTC
Last modified on: 05/29/2024 05:15:08 UTC