Unrated severityNVD Advisory· Published Mar 2, 2024· Updated May 4, 2025

x86/alternatives: Disable KASAN in apply_alternatives()

CVE-2023-52504

Description

In the Linux kernel, the following vulnerability has been resolved:

Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine:

BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ...

On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().

KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.

Fix it for real by disabling KASAN while the kernel is patching alternatives.

[ mingo: updated the changelog ]

Affected products

100

osv-coords99 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_25&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_12&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Server%204.3 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.3
< 5.14.21-150500.55.59.1+ 98 more
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1.150500.6.25.7
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150500.55.59.1.150500.6.25.7
- (no CPE)range: < 5.14.21-150500.55.59.1.150500.6.25.7
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1.150400.24.54.5
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 1-150400.9.5.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.7.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150400.15.76.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.33.48.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150500.13.47.1
- (no CPE)range: < 5.14.21-150500.55.59.1
- (no CPE)range: < 5.14.21-150400.24.116.1
- (no CPE)range: < 5.14.21-150400.24.116.1
Linux/Linuxcpe-rescue
Range: 4.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000