CVE-2023-52749

In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL) Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068	Patch
https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e	Patch
https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37	Patch
https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068	Patch
https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e	Patch
https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-21 16:15

Updated : 2025-01-06 20:41

NVD link : CVE-2023-52749

Mitre link : CVE-2023-52749

CVE.ORG link : CVE-2023-52749

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-52749", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2024-05-21T16:15:14.587", "references": [{"url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n ctlr->cur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: spi: corrige la desreferencia nula en suspensi\u00f3n. Existe una condici\u00f3n de ejecuci\u00f3n donde una transferencia sincr\u00f3nica (sin cola) puede estar activa durante una suspensi\u00f3n del sistema. Esto puede provocar que se produzca una excepci\u00f3n de desreferencia de puntero null cuando se reanude el sistema. Ejemplo de orden de eventos que conducen a la excepci\u00f3n: 1. spi_sync() llama a __spi_transfer_message_noqueue() que configura ctlr->cur_msg 2. La transferencia Spi comienza a trav\u00e9s de spi_transfer_one_message() 3. El sistema se suspende interrumpiendo el contexto de transferencia 4. El sistema se reanuda 6. spi_controller_resume () llama a spi_start_queue(), lo que restablece cur_msg a NULL 7. El contexto de transferencia de Spi se reanuda y se llama a spi_finalize_current_message(), lo que desreferencia cur_msg (que ahora es NULL) Espere a que se completen las transferencias sincr\u00f3nicas antes de suspender adquiriendo el mutex del bus y configurando/verificando una bandera suspendida."}], "lastModified": "2025-01-06T20:41:06.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB9ADE5-994E-47DC-9FCC-93A70F33D373", "versionEndExcluding": "6.1.66"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71017352-7799-4BE4-98EA-8822F4A50F6B", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.2"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}