CVE-2023-52940 Information

Description

In the Linux kernel the following vulnerability has been resolved:

mm: multi-gen LRU: fix crash during cgroup migration

lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This isn’t true for the following scenario:

  CPU 1                         CPU 2

  clone()
    cgroup_can_fork()
                                cgroup_procs_write()
    cgroup_post_fork()
                                  task_lock()
                                  lru_gen_migrate_mm()
                                  task_unlock()
      task_lock()
      lru_gen_add_mm()
      task_unlock()

And when the above happens, the kernel crashes because of linked list corruption (mm_struct->lru_gen.list).
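
The ordering problem described above, replayed in a userspace C model (an added example, not kernel code and not taken from the referenced commits). All struct and function names are hypothetical; the model assumes the corruption comes from the mm being linked into the list twice, and the guard parameter is one illustrative way to tolerate migration running before addition.

```c
#include <stddef.h>

/* Userspace model only; names are illustrative, not kernel code. */
struct list_head { struct list_head *next, *prev; };
struct memcg { struct list_head mm_list; };
struct mm { struct list_head node; struct memcg *memcg; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev; list_init(n);
}

/* Bounded walk: every link must satisfy p->next->prev == p. */
static int list_is_sane(const struct list_head *h) {
    const struct list_head *p = h;
    for (int i = 0; i < 8; i++) {
        if (p->next->prev != p) return 0;   /* broken back-pointer */
        p = p->next;
        if (p == h) return 1;               /* closed the circle */
    }
    return 0;                               /* never returned to the head */
}

/* Models lru_gen_add_mm(): link the mm into its memcg's list. */
static void add_mm(struct mm *mm, struct memcg *cg) {
    mm->memcg = cg;
    list_add_tail(&mm->node, &cg->mm_list);
}

/* Models lru_gen_migrate_mm(); guard=1 tolerates "migrate before add". */
static void migrate_mm(struct mm *mm, struct memcg *to, int guard) {
    if (guard && !mm->memcg) return;        /* mm was never added: nothing to move */
    if (!list_empty(&mm->node)) list_del_init(&mm->node);
    add_mm(mm, to);                         /* assumed cause: links an un-added mm */
}

/* Replays the interleaving above; returns 1 if the list stays consistent. */
static int replay_race(int guard) {
    struct memcg dst; struct mm mm = { .memcg = NULL };
    list_init(&dst.mm_list); list_init(&mm.node);
    migrate_mm(&mm, &dst, guard);           /* CPU 2: cgroup_procs_write() path */
    add_mm(&mm, &dst);                      /* CPU 1: cgroup_post_fork() path */
    return list_is_sane(&dst.mm_list);
}

int main(void) { return !(replay_race(1) && !replay_race(0)); }
```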

Reference

https://git.kernel.org/stable/c/04448022311cebd30969d3aebdde765f1258b360
https://git.kernel.org/stable/c/de08eaa6156405f2e9369f06ba5afae0e4ab3b62
