CVE-2023-52486

2024-03-1100:00:00

ubuntu.com

cve-2023-52486

deadlock handling

framebuffer

linux kernel

vulnerability

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved: drm:
Don’t unref the same fb many times by mistake due to deadlock handling If
we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we
proceed to unref the fb and then retry the whole thing from the top. But we
forget to reset the fb pointer back to NULL, and so if we then get another
error during the retry, before the fb lookup, we proceed the unref the same
fb again without having gotten another reference. The end result is that
the fb will (eventually) end up being freed while it’s still in use. Reset
fb to NULL once we’ve unreffed it to avoid doing it again until we’ve done
another fb lookup. This turned out to be pretty easy to hit on a DG2 when
doing async flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom
I saw that drm_closefb() simply got stuck in a busy loop while walking the
framebuffer list. Fortunately I was able to convince it to oops instead,
and from there it was easier to track down the culprit.

Notes

Author	Note
rodrigo-zaiden	USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< 5.4.0-181.201UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1124.134UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1021.21UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1061.67~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1124.134~18.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1129.136UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< 5.4.0-181.201	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-106.116	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1124.134	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1061.67	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1021.21	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1061.67~20.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1124.134~18.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< 5.4.0-1129.136	UNKNOWN