CVE-2023-52493

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b	Patch
https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e	Patch
https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690	Patch
https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece	Patch
https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830	Patch
https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e	Patch
https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b	Patch
https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e	Patch
https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690	Patch
https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece	Patch
https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830	Patch
https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e	Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-03-11 18:15

Updated : 2024-12-12 15:57

NVD link : CVE-2023-52493

Mitre link : CVE-2023-52493

CVE.ORG link : CVE-2023-52493

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2023-52493", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-11T18:15:16.940", "references": [{"url": "https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Drop chan lock before queuing buffers\n\nEnsure read and write locks for the channel are not taken in succession by\ndropping the read lock from parse_xfer_event() such that a callback given\nto client can potentially queue buffers and acquire the write lock in that\nprocess. Any queueing of buffers should be done without channel read lock\nacquired as it can result in multiple locks and a soft lockup.\n\n[mani: added fixes tag and cc'ed stable]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: host: Eliminar el bloqueo de canal antes de poner en cola los b\u00faferes aseg\u00farese de que los bloqueos de lectura y escritura para el canal no se tomen en sucesi\u00f3n eliminando el bloqueo de lectura de parse_xfer_event() de manera que se pueda realizar una devoluci\u00f3n de llamada dado al cliente puede potencialmente poner en cola los b\u00faferes y adquirir el bloqueo de escritura en ese proceso. Cualquier puesta en cola de b\u00faferes debe realizarse sin adquirir el bloqueo de lectura del canal, ya que puede generar m\u00faltiples bloqueos y un bloqueo suave. [mani: etiqueta de correcciones agregada y copia estable]"}], "lastModified": "2024-12-12T15:57:46.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36D24A2-955E-4552-BE35-C1A1E878E73C", "versionEndExcluding": "5.10.210", "versionStartIncluding": "5.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E", "versionEndExcluding": "6.1.76", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468", "versionEndExcluding": "6.6.15", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}