CVE-2023-52772: Fixing use-after-free vulnerability in af_unix: unix_stream_read_actor() in the Linux kernel
The af_unix socket subsystem in the Linux kernel plays a critical role in the communication of Unix domain sockets. Recently, a use-after-free vulnerability was discovered and fixed in unix_stream_read_actor() within the af_unix subsystem. This vulnerability was assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2023-52772.
The crash leading to the discovery of the vulnerability was reported by syzbot [1], an automated system for testing kernel configurations. The issue began when the unix socket lock was released, allowing other threads to modify u->oob_skb. Increasing the temporary reference count of the socket buffer (skb) ensured that other threads would not free the skb while it was in use, mitigating the potential exploitation of the vulnerability.
The full crash report from syzbot can be found here. A brief excerpt follows:
BUG: KASAN: slab-use-after-free in unix_stream_read_actor+xa7/xc net/unix/af_unix.c:2866
Read of size 4 at addr ffff88801f3b9cc4 by task syz-executor107/5297
CPU: 1 PID: 5297 Comm: syz-executor107 Not tainted 6.6.-syzkaller-15910-gb8e3a87a627b #
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
...
The fix for this vulnerability involves temporarily increasing the reference count of skb to prevent other threads from freeing it while it is in use. You can find the detailed patch for this issue on the Linux kernel mailing list.
In order to protect your Linux kernel from this vulnerability, it is essential to update your kernel to the latest patched version. It is also recommended to keep a close eye on any security updates and apply them promptly.
In conclusion, this vulnerability highlights the importance of thorough testing and patch management for the Linux kernel and other critical components of computing systems. By staying aware of security updates and addressing potential issues proactively, we can help ensure the security and stability of Linux systems and reduce the risk of exploitation.
Timeline
Published on: 05/21/2024 16:15:16 UTC
Last modified on: 05/29/2024 05:17:05 UTC