CVE-2023-52505 phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers

2024-03-0221:52:19

Linux

github.com

linux kernel

vulnerability

lynx-28g

phy_set_mode_ext()

pcc8

pccc

pccd

spinlock

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers

The protocol converter configuration registers PCC8, PCCC, PCCD
(implemented by the driver), as well as others, control protocol
converters from multiple lanes (each represented as a different
struct phy). So, if there are simultaneous calls to phy_set_mode_ext()
to lanes sharing the same PCC register (either for the “old” or for the
“new” protocol), corruption of the values programmed to hardware is
possible, because lynx_28g_rmw() has no locking.

Add a spinlock in the struct lynx_28g_priv shared by all lanes, and take
the global spinlock from the phy_ops :: set_mode() implementation. There
are no other callers which modify PCC registers.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/phy/freescale/phy-fsl-lynx-28g.c"
    ],
    "versions": [
      {
        "version": "8f73b37cf3fb",
        "lessThan": "6f901f8448c6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8f73b37cf3fb",
        "lessThan": "c2d7c79898b4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8f73b37cf3fb",
        "lessThan": "139ad1143151",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/phy/freescale/phy-fsl-lynx-28g.c"
    ],
    "versions": [
      {
        "version": "5.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.59",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.5.8",
        "lessThanOrEqual": "6.5.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]