FKIE_CVE-2023-52749

Vulnerability from fkie_nvd - Published: 2024-05-21 16:15 - Updated: 2025-01-06 20:41
Severity
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL) Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB9ADE5-994E-47DC-9FCC-93A70F33D373",
              "versionEndExcluding": "6.1.66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71017352-7799-4BE4-98EA-8822F4A50F6B",
              "versionEndExcluding": "6.6.3",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n   ctlr-\u003ecur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n   to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n   called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: spi: corrige la desreferencia nula en suspensi\u00f3n. Existe una condici\u00f3n de ejecuci\u00f3n donde una transferencia sincr\u00f3nica (sin cola) puede estar activa durante una suspensi\u00f3n del sistema. Esto puede provocar que se produzca una excepci\u00f3n de desreferencia de puntero null cuando se reanude el sistema. Ejemplo de orden de eventos que conducen a la excepci\u00f3n: 1. spi_sync() llama a __spi_transfer_message_noqueue() que configura ctlr-\u0026gt;cur_msg 2. La transferencia Spi comienza a trav\u00e9s de spi_transfer_one_message() 3. El sistema se suspende interrumpiendo el contexto de transferencia 4. El sistema se reanuda 6. spi_controller_resume () llama a spi_start_queue(), lo que restablece cur_msg a NULL 7. El contexto de transferencia de Spi se reanuda y se llama a spi_finalize_current_message(), lo que desreferencia cur_msg (que ahora es NULL) Espere a que se completen las transferencias sincr\u00f3nicas antes de suspender adquiriendo el mutex del bus y configurando/verificando una bandera suspendida."
    }
  ],
  "id": "CVE-2023-52749",
  "lastModified": "2025-01-06T20:41:06.263",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T16:15:14.587",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.