CVE-2023-52749

In the Linux kernel, the following vulnerability has been resolved:

spi: Fix null dereference on suspend

A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes.

Example order of events leading to the exception:
1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg
2. Spi transfer begins via spi_transfer_one_message()
3. System is suspended interrupting the transfer context
4. System is resumed
6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL
7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL)

Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.

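The ordering problem and the fix described above (hold the bus lock for the whole synchronous transfer, set and check a suspend flag), as an added single-threaded C model that is not the kernel patch or code from this page. All `model_*` names, the atomic-flag try-lock standing in for the bus mutex, and the `-EBUSY`/`-ESHUTDOWN`/`-EFAULT` return codes are assumptions of the example.

```c
/* Added user-space model with hypothetical names; not kernel code. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

struct model_msg { bool done; };
struct model_ctlr {
    atomic_flag bus_lock;        /* stands in for the bus mutex */
    bool suspended;              /* the suspend flag */
    struct model_msg *cur_msg;
};
#define MODEL_CTLR_INIT { ATOMIC_FLAG_INIT, false, NULL }
static int hook_result;          /* what the mid-transfer suspend returned */

/* A real mutex would block here; the try-lock reports -EBUSY instead. */
int model_suspend(struct model_ctlr *c) {
    if (atomic_flag_test_and_set(&c->bus_lock)) return -EBUSY;
    c->suspended = true;
    atomic_flag_clear(&c->bus_lock);
    return 0;
}

/* Resume restarts the queue, which clears cur_msg (step 6). */
void model_resume(struct model_ctlr *c) { c->cur_msg = NULL; c->suspended = false; }

/* Simulates suspend and resume arriving in the middle of a transfer. */
static void suspend_resume_hook(struct model_ctlr *c) {
    if ((hook_result = model_suspend(c)) == 0) model_resume(c);
}

int model_sync_transfer(struct model_ctlr *c, struct model_msg *m,
                        void (*mid_hook)(struct model_ctlr *)) {
    if (atomic_flag_test_and_set(&c->bus_lock)) return -EBUSY;
    int ret = -ESHUTDOWN;                /* refused while suspended */
    if (!c->suspended) {
        c->cur_msg = m;                  /* step 1 */
        if (mid_hook) mid_hook(c);       /* steps 3 to 6 would land here */
        ret = c->cur_msg ? 0 : -EFAULT;  /* NULL here is the step 7 crash */
        if (c->cur_msg) c->cur_msg->done = true;
        c->cur_msg = NULL;
    }
    atomic_flag_clear(&c->bus_lock);
    return ret;
}

int main(void) {
    struct model_ctlr c = MODEL_CTLR_INIT; struct model_msg m = { false };
    return model_sync_transfer(&c, &m, suspend_resume_hook) != 0;
}
```

Because the transfer holds the lock, the mid-transfer suspend attempt cannot proceed, `cur_msg` is still valid when the transfer finalizes, and a transfer started after suspend is refused rather than run.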
Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

06 Jan 2025, 20:41

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| CWE | | CWE-362, CWE-476 |
| First Time | | Linux linux Kernel, Linux |
| CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 4.7 |
| References | () https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 - | () https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 - Patch |
| References | () https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e - | () https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e - Patch |
| References | () https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 - | () https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 - Patch |

21 Nov 2024, 08:40

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend. A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL) Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag. |
| References | () https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 - | () https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 - |
| References | () https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e - | () https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e - |
| References | () https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 - | () https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 - |

21 May 2024, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-05-21 16:15

Updated : 2025-01-06 20:41


NVD link : CVE-2023-52749

Mitre link : CVE-2023-52749

CVE.ORG link : CVE-2023-52749



Products Affected

linux

  • linux_kernel
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-476

NULL Pointer Dereference