PT-2025-53999 · Linux · Linux Kernel
Published: 2023-07-17 · Updated: 2026-03-24 · CVE-2023-54170
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.3.18-150300.59.90-default #1 SLE15-SP3
Description
A flaw exists in the Linux kernel's key management code: a duplicate key can be linked into a keyring's assoc array during DNS queries. When multiple tasks concurrently make DNS queries for the same hostname, a duplicate index key can be created in the keyring's assoc array. This trips a BUG_ON() check in the assoc array implementation and crashes the kernel. The issue arises from the interaction between functions such as dns_query(), request_key_and_link(), construct_alloc_key(), and __key_link_begin().
Recommendations
Update the Linux kernel to version 5.3.18-150300.59.90-default #1 SLE15-SP3 or a later version that includes the fix.
Affected Products
Linux Kernel