CVE-2025-68198
Description
In the Linux kernel, the following vulnerability has been resolved:

crash: fix crashkernel resource shrink

When crashkernel is configured with a high reservation, shrinking its value below the low crashkernel reservation causes two issues:

1. Invalid crashkernel resource objects
2. Kernel crash if crashkernel shrinking is done twice

For example, with crashkernel=200M,high, the kernel reserves 200MB of high memory and some default low memory (say 256MB). The reservation appears as:

    cat /proc/iomem | grep -i crash
    af000000-beffffff : Crash kernel
    433000000-43f7fffff : Crash kernel

If crashkernel is then shrunk to 50MB (echo 52428800 > /sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:

    af000000-beffffff : Crash kernel

Instead, it should show 50MB:

    af000000-b21fffff : Crash kernel

Further shrinking crashkernel to 40MB causes a kernel crash with the following trace (x86):

    BUG: kernel null pointer dereference, address: 0000000000000038
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    Call Trace:
     __die_body.cold+0x19/0x27
     page_fault_oops+0x15a/0x2f0
     search_module_extables+0x19/0x60
     search_bpf_extables+0x5f/0x80
     exc_page_fault+0x7e/0x180
     asm_exc_page_fault+0x26/0x30
     __release_resource+0xd/0xb0
     release_resource+0x26/0x40
     __crash_shrink_memory+0xe5/0x110
     crash_shrink_memory+0x12a/0x190
     kexec_crash_size_store+0x41/0x80
     kernfs_fop_write_iter+0x141/0x1f0
     vfs_write+0x294/0x460
     ksys_write+0x6d/0xf0

This happens because __crash_shrink_memory()/kernel/crash_core.c incorrectly updates the crashk_res resource object even when crashk_low_res should be updated.

Fix this by ensuring the correct crashkernel resource object is updated when shrinking crashkernel memory.
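A consistency check for the first symptom described above, as an added example that is not part of the advisory or the kernel patch: it parses /proc/iomem text, sums the "Crash kernel" ranges, and compares the total with the size that was written to /sys/kernel/kexec_crash_size. The function names are hypothetical, the sample listings are copied from the description, and the requested size is assumed to be already aligned, as 52428800 is.

```python
import re

# One /proc/iomem line, e.g. "af000000-beffffff : Crash kernel".
IOMEM_LINE = re.compile(r"^\s*([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.*?)\s*$")

def crash_regions(iomem_text):
    """Return (start, end, size) for every 'Crash kernel' range in the text."""
    regions = []
    for line in iomem_text.splitlines():
        m = IOMEM_LINE.match(line)
        if not m or m.group(3).lower() != "crash kernel":
            continue
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        if start == 0 and end == 0:
            # Unprivileged reads of /proc/iomem show zeroed addresses.
            raise ValueError("addresses are masked; read /proc/iomem as root")
        regions.append((start, end, end - start + 1))
    return regions

def check_shrink(iomem_text, requested_bytes):
    """Compare the total reserved size with the value written to
    /sys/kernel/kexec_crash_size (assumed already aligned)."""
    regions = crash_regions(iomem_text)
    total = sum(size for _, _, size in regions)
    return {"regions": regions, "total": total,
            "consistent": total == requested_bytes}

# Sample inputs copied from the description's /proc/iomem listings.
BEFORE_SHRINK = ("af000000-beffffff : Crash kernel\n"
                 "433000000-43f7fffff : Crash kernel\n")
AFTER_SHRINK_AFFECTED = "af000000-beffffff : Crash kernel\n"
AFTER_SHRINK_EXPECTED = "af000000-b21fffff : Crash kernel\n"
REQUESTED = 52428800  # 50MB, the value echoed in the description

if __name__ == "__main__":
    for label, text in (("affected", AFTER_SHRINK_AFFECTED),
                        ("expected", AFTER_SHRINK_EXPECTED)):
        result = check_shrink(text, REQUESTED)
        for start, end, size in result["regions"]:
            print(f"{label}: {start:x}-{end:x} {size // 2**20} MiB")
        print(f"{label}: total={result['total']} "
              f"consistent={result['consistent']}")
```

A total that does not match the requested size after a shrink is the stale-resource state from which the description says a second shrink crashes the kernel.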
Risk Information
Associated Vulnerability
No records found
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234