PT-2023-9766 · Llvm+4 · Llvm+4

Nathan Chancellor · Published 2023-10-04 · Updated 2025-02-03 · CVE-2023-52750

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.0-rc3-00013-g34f66c4c4d55

Description

The vulnerability is related to the incorrect byte-swapping of NOP instructions when compiling for big-endian architectures using LLVM's integrated assembler prior to version 15.0.0. This could result in the corruption of user or kernel FPSIMD state. The issue went unnoticed until a commit was made to use a positive cpucap for FP/SIMD, after which the instructions would trap during boot prior to FPSIMD being detected and enabled.

Recommendations

To resolve the issue, restrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is either GNU as or LLVM's IAS 15.0.0 and newer. This can be achieved by:
  • Using GNU as for assembly
  • Updating to LLVM's IAS 15.0.0 or newer for assembly

No specific version of the Linux kernel is recommended for update, as the fix is related to the assembler used rather than the kernel version itself. However, using a version of the Linux kernel that includes the commit "arm64: Use a positive cpucap for FP/SIMD" (34f66c4c4d5518c1) or later would be advisable to ensure the issue is properly handled.
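
One way to check a build against this recommendation, as an added example that is not part of the advisory or the kernel's own code: it reads a kernel `.config` and flags big-endian builds assembled with LLVM's IAS older than 15.0.0. It assumes the config records the assembler in the Kconfig symbols `CONFIG_AS_IS_GNU`, `CONFIG_AS_IS_LLVM` and `CONFIG_AS_VERSION`; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the big-endian + old LLVM IAS case.
# Assumption: the config records the assembler in CONFIG_AS_IS_GNU,
# CONFIG_AS_IS_LLVM and CONFIG_AS_VERSION, the last encoded as
# major*10000 + minor*100 + patch (15.0.0 -> 150000).

# has FILE LINE: true if FILE contains exactly LINE.
has() { grep -q "^$2\$" "$1"; }

# audit_config FILE: print one verdict line (ok / affected / unknown).
audit_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown: cannot read $cfg"; return 0; }
    if ! has "$cfg" 'CONFIG_CPU_BIG_ENDIAN=y'; then
        echo "ok: not a big-endian build"
    elif has "$cfg" 'CONFIG_AS_IS_GNU=y'; then
        echo "ok: big-endian, GNU as"
    elif has "$cfg" 'CONFIG_AS_IS_LLVM=y'; then
        ver=$(sed -n 's/^CONFIG_AS_VERSION=\([0-9][0-9]*\)$/\1/p' "$cfg")
        if [ -z "$ver" ]; then
            echo "unknown: LLVM IAS, version not recorded"
        elif [ "$ver" -ge 150000 ]; then
            echo "ok: big-endian, LLVM IAS $ver"
        else
            echo "affected: big-endian, LLVM IAS $ver is older than 15.0.0"
        fi
    else
        echo "unknown: big-endian, assembler not recorded"
    fi
}

# Constructed sample configs (not taken from a real build).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_CPU_BIG_ENDIAN=y' 'CONFIG_AS_IS_LLVM=y' \
        'CONFIG_AS_VERSION=140006' > "$d/be-llvm14"
    printf '%s\n' 'CONFIG_CPU_BIG_ENDIAN=y' 'CONFIG_AS_IS_LLVM=y' \
        'CONFIG_AS_VERSION=150000' > "$d/be-llvm15"
    printf '%s\n' 'CONFIG_CPU_BIG_ENDIAN=y' 'CONFIG_AS_IS_GNU=y' \
        'CONFIG_AS_VERSION=24000' > "$d/be-gnu"
    printf '%s\n' '# CONFIG_CPU_BIG_ENDIAN is not set' 'CONFIG_AS_IS_LLVM=y' \
        'CONFIG_AS_VERSION=140006' > "$d/le-llvm14"
    for f in "$d"/*; do
        printf '%s -> ' "${f##*/}"
        audit_config "$f"
    done
    rm -rf "$d"
}
demo
```

An "unknown" verdict means the config predates or omits the assembler symbols, so the toolchain has to be confirmed from the build environment instead.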

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

BDU:2024-10504
BDU:2024-10505
CVE-2023-52750
OESA-2024-1692
OESA-2024-1693
OESA-2024-1694
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1

Affected Products

Astra Linux
Llvm
Linux Kernel
Red Os
Suse