ALAS2023-2023-132 --- kernelID: oval:org.secpod.oval:def:19500115 | Date: (C)2023-06-12 (M)2024-04-29 |
Class: PATCH | Family: unix |
It has been discovered that on some AMD CPUs, the RAS is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread. The upstream bug report describes this issue as follows:A flaw found in the Linux Kernel in RDS protocol. The rds_rm_zerocopy_callback uses list_entry on the head of a list causing a type confusion. Local user can trigger this with rds_message_put. Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an OOB access, and a lock corruption
Platform: |
Amazon Linux 2023 |
Product: |
kernel |
perf |
python3-perf |
bpftool |