Date: Wed, 1 Mar 2023 16:32:42 +0100
From: Pietro Borrello <borrello@...g.uniroma1.it>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity()

Hi all,

I am disclosing a type confusion in the RT scheduling stack of the Linux Kernel.
pick_next_rt_entity() caller checks that list_entry() on the scheduler queue
does not return NULL, using a BUG_ON.
However, this condition can never happen.
For an empty list, list_entry() returns a type confused view of the list_head.
The buggy condition would lead to the use of a type confused sched_rt_entity,
causing memory corruption.

The proposed patch has been merged in the Linux tree:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97

The issue has been assigned CVE-2023-1077.

Best regards,
Pietro Borrello
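
The behaviour described in the message above, as an added userspace example (not part of the original post and not kernel code): list_entry() on an empty list yields a non-NULL pointer computed from the list head itself, so a NULL check on its result can never fire. The list helpers are simplified copies, and demo_entity, demo_rq, pick_unchecked and pick_checked are hypothetical names; the confused pointer is only compared, never dereferenced.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal userspace copies of the kernel list helpers (simplified). */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)

static void init_list(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Hypothetical stand-ins, not the kernel's sched_rt_entity or rt_rq. */
struct demo_entity { unsigned long prio; struct list_head run_list; };
struct demo_rq { unsigned long other_state[4]; struct list_head queue; };

/* Pattern from the advisory: result of list_entry() assumed NULL if empty. */
static struct demo_entity *pick_unchecked(struct list_head *queue)
{
    return list_entry(queue->next, struct demo_entity, run_list);
}

/* Guarded form: test emptiness before converting the node. */
static struct demo_entity *pick_checked(struct list_head *queue)
{
    if (list_empty(queue))
        return NULL;
    return list_entry(queue->next, struct demo_entity, run_list);
}

int main(void)
{
    struct demo_rq rq;
    struct demo_entity ent = { 1, { NULL, NULL } };

    init_list(&rq.queue);
    /* Empty queue: unchecked is non-NULL and points into rq, not an entity. */
    printf("unchecked=%p rq=%p checked=%p\n", (void *)pick_unchecked(&rq.queue),
           (void *)&rq, (void *)pick_checked(&rq.queue));
    list_add_tail(&ent.run_list, &rq.queue);
    printf("after add, checked is ent: %d\n", pick_checked(&rq.queue) == &ent);
    return 0;
}
```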
