CVE-2023-52598

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises when the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context, floating point or vector registers are used. The current fp/vx registers are saved with save fpu regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. However, test fp ctl() restores the original user space fpc register value, which will be discarded when returning to user space. As a result, the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. The fix involves saving fpu register contents with save fpu regs() before using test fp ctl().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.