Vulnerabilities > CVE-2023-52633 - Out-of-bounds Write vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then, if we happen to get the interrupt after calculating the new time to push to, but before actually finishing that, the interrupt will set the time to a value that's incompatible with the forward, and we'll crash because time goes backwards when we do the forwarding. Fix this by reading the time_travel_time, calculating the adjustment, and doing the adjustment all with interrupts disabled.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/0c7478a2da3f5fe106b4658338873d50c86ac7ab
- https://git.kernel.org/stable/c/0c7478a2da3f5fe106b4658338873d50c86ac7ab
- https://git.kernel.org/stable/c/4f7dad73df4cdb2b7042103d3922745d040ad025
- https://git.kernel.org/stable/c/4f7dad73df4cdb2b7042103d3922745d040ad025
- https://git.kernel.org/stable/c/abe4eaa8618bb36c2b33e9cdde0499296a23448c
- https://git.kernel.org/stable/c/abe4eaa8618bb36c2b33e9cdde0499296a23448c
- https://git.kernel.org/stable/c/b427f55e9d4185f6f17cc1e3296eb8d0c4425283
- https://git.kernel.org/stable/c/b427f55e9d4185f6f17cc1e3296eb8d0c4425283
- https://git.kernel.org/stable/c/de3e9d8e8d1ae0a4d301109d1ec140796901306c
- https://git.kernel.org/stable/c/de3e9d8e8d1ae0a4d301109d1ec140796901306c