Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2023-52493HistoryMar 11, 2024 - 6:15 p.m.
CVE-2023-52493
2024-03-1118:15:16
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2627
linux
kernel
vulnerability
bus
mhi
host
chan lock
buffer
lockup
nvd
cve-2023-52493
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: host: Drop chan lock before queuing buffers
Ensure read and write locks for the channel are not taken in succession by
dropping the read lock from parse_xfer_event() such that a callback given
to client can potentially queue buffers and acquire the write lock in that
process. Any queueing of buffers should be done without channel read lock
acquired as it can result in multiple locks and a soft lockup.
[mani: added fixes tag and cc’ed stable]
Affected configurations
Node
linuxlinux_kernelRange5.7–5.10.210
ORlinuxlinux_kernelRange5.11.0–5.15.149
ORlinuxlinux_kernelRange5.16.0–6.1.76
ORlinuxlinux_kernelRange6.2.0–6.6.15
ORlinuxlinux_kernelRange6.7.0–6.7.3
ORlinuxlinux_kernelRange6.8.0≥
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/bus/mhi/host/main.c"
],
"versions": [
{
"version": "1d3173a3bae7",
"lessThan": "20a6dea2d1c6",
"status": "affected",
"versionType": "git"
},
{
"version": "1d3173a3bae7",
"lessThan": "6e4c84316e2b",
"status": "affected",
"versionType": "git"
},
{
"version": "1d3173a3bae7",
"lessThan": "3c5ec66b4b3f",
"status": "affected",
"versionType": "git"
},
{
"version": "1d3173a3bae7",
"lessThan": "eaefb9464031",
"status": "affected",
"versionType": "git"
},
{
"version": "1d3173a3bae7",
"lessThan": "b8eff20d8709",
"status": "affected",
"versionType": "git"
},
{
"version": "1d3173a3bae7",
"lessThan": "01bd694ac2f6",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/bus/mhi/host/main.c"
],
"versions": [
{
"version": "5.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b
git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e
git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690
git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece
git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830
git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e
lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Related
redhatcve
redhatcve
CVE-2023-52493
2024-03-12 16:11:48
prion
prion
Spoofing
2024-03-11 18:15:00
debiancve
debiancve
CVE-2023-52493
2024-03-11 18:15:16
nvd
nvd
CVE-2023-52493
2024-03-11 18:15:16
ubuntucve
ubuntucve
CVE-2023-52493
2024-03-11 00:00:00
cvelist
cvelist
CVE-2023-52493 bus: mhi: host: Drop chan lock before queuing buffers
2024-02-29 15:52:11
osv
osv
linux-aws, linux-aws-5.15 vulnerabilities
2024-05-20 13:05:13
linux-hwe-5.15, linux-raspi vulnerabilities
2024-05-15 15:15:08
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)
2024-05-15 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
2024-05-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6766-2)
2024-05-16 00:00:00
Ubuntu: Security Advisory (USN-6766-1)
2024-05-08 00:00:00
Ubuntu: Security Advisory (USN-6766-3)
2024-05-21 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-05-15 00:00:00
Linux kernel (Intel IoTG) vulnerabilities
2024-05-28 00:00:00
Linux kernel (AWS) vulnerabilities
2024-05-20 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11
debian
debian
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39