CVE-2023-52701 Information

Description

In the Linux kernel the following vulnerability has been resolved:

net: use a bounce buffer for copying skb->mark

syzbot found arm64 builds would crash in sock_recv_mark() when CONFIG_HARDENED_USERCOPY=y.

x86 and powerpc are not detecting the issue because they define user_access_begin. This will be handled in a different patch because a check_object_size() is missing.

Only data from skb->cb[] can be copied directly to/from user space as explained in commit 79a8a642bf05 (net: Whitelist the skbuff_head_cache

Reference

https://git.kernel.org/stable/c/863a7de987f02a901bf215509276a7de0370e0f9
https://git.kernel.org/stable/c/2558b8039d059342197610498c8749ad294adee5
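
The description's point, that only skb->cb[] may be copied directly to user space and skb->mark needs a bounce buffer, can be modelled in user space. This is an added example, not the kernel patch or code from this page: `toy_skb`, `toy_check_object_size`, `toy_copy_to_user` and both `recv_mark_*` functions are hypothetical stand-ins, and the struct layout is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for struct sk_buff; only cb[] is whitelisted. */
struct toy_skb {
    uint32_t len;
    char     cb[48];
    uint32_t mark;
};
#define USER_OFFSET offsetof(struct toy_skb, cb)
#define USER_SIZE   sizeof(((struct toy_skb *)0)->cb)

/* Model of the hardened-usercopy object check: a source pointer inside the
 * object must lie wholly within the whitelisted window; others pass. */
static int toy_check_object_size(const struct toy_skb *obj, const void *src, size_t n)
{
    uintptr_t base = (uintptr_t)obj, p = (uintptr_t)src;
    if (p < base || p >= base + sizeof(*obj))
        return 0;                 /* not in the object, e.g. a stack variable */
    size_t off = p - base;
    if (off >= USER_OFFSET && n <= USER_SIZE && off - USER_OFFSET <= USER_SIZE - n)
        return 0;                 /* entirely inside cb[] */
    return -1;                    /* where the hardened kernel would crash */
}

static int toy_copy_to_user(const struct toy_skb *obj, void *dst, const void *src, size_t n)
{
    if (toy_check_object_size(obj, src, n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Before the fix: a pointer into the skb itself is passed to the copy. */
int recv_mark_direct(const struct toy_skb *skb, uint32_t *user_out)
{
    return toy_copy_to_user(skb, user_out, &skb->mark, sizeof(skb->mark));
}

/* After the fix: the value goes through a local bounce buffer first. */
int recv_mark_bounce(const struct toy_skb *skb, uint32_t *user_out)
{
    uint32_t mark = skb->mark;
    return toy_copy_to_user(skb, user_out, &mark, sizeof(mark));
}
```

The model only checks the one object passed in; it does not reproduce the architecture difference the description mentions for x86 and powerpc.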
