Home

Description

In the Linux kernel, the following vulnerability has been resolved: start_kernel: Add __no_stack_protector function attribute Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") we discussed the need for a function attribute to control the omission of stack protectors on a per-function basis; at the time Clang had support for no_stack_protector but GCC did not. This was fixed in gcc-11. Now that the function attribute is available, let's start using it. Callers of boot_init_stack_canary need to use this function attribute unless they're compiled with -fno-stack-protector, otherwise the canary stored in the stack slot of the caller will differ upon the call to boot_init_stack_canary. This will lead to a call to __stack_chk_fail() then panic.

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2026-01-05 | Assigner Linux

Product status

Default status
unaffected

420594296838fdc9a674470d710cda7d1487f9f4 (git) before 25e73018b4093e0cfbcec5dc4a4bb86d0b69ed56
affected

420594296838fdc9a674470d710cda7d1487f9f4 (git) before 514ca14ed5444b911de59ed3381dfd195d99fe4b
affected

Default status
affected

2.6.30
affected

Any version before 2.6.30
unaffected

6.4.4 (semver)
unaffected

6.5 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/25e73018b4093e0cfbcec5dc4a4bb86d0b69ed56

git.kernel.org/...c/514ca14ed5444b911de59ed3381dfd195d99fe4b

cve.org (CVE-2023-53491)

nvd.nist.gov (CVE-2023-53491)

Download JSON