{"id":"CVE-2023-52504","summary":"x86/alternatives: Disable KASAN in apply_alternatives()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]","modified":"2026-04-02T09:42:56.519385Z","published":"2024-03-02T21:52:18.500Z","related":["SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1490-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52504.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52504.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52504"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6657fca06e3ffab8d0b3f9d8b397f5ee498952d7"},{"fixed":"3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"},{"fixed":"3770c38cd6a60494da29ac2da73ff8156440a2d1"},{"fixed":"6788b10620ca6e98575d1e06e72a8974aad7657e"},{"fixed":"ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"},{"fixed":"5b784489c8158518bf7a466bb3cc045b0fb66b4b"},{"fixed":"cd287cc208dfe6bd6da98e7f88e723209242c9b4"},{"fixed":"d35652a5fc9944784f6f50a5c979518ff8dacf61"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52504.json"}}],"schema_version":"1.7.5"}