CVE-2023-52492

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 11/03/2024
Last modified: 04/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fix NULL pointer in channel unregistration function

__dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer:

    [ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
    [...]
    [ 1.484499] Call trace:
    [ 1.486930] device_del+0x40/0x394
    [ 1.490314] device_unregister+0x20/0x7c
    [ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0

Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL.

Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function.
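A user-space model of the failure described above, added here as an illustration and not taken from the kernel source or the fix commit. The names model_chan, chan_register, chan_unregister and device_unregister_all are hypothetical, and the dev field standing in for the channel's device object is an assumption; the unguarded path reports the NULL dereference as -1 instead of executing it.

```c
#include <stdlib.h>
/* User-space model; every struct and function name here is hypothetical. */
struct model_chan {
    int *local; /* stands in for chan->local */
    int *dev;   /* stands in for the channel's device object (assumption) */
};

/* On failure, local is freed and set to NULL, as the description states. */
static int chan_register(struct model_chan *c, int fail)
{
    c->local = calloc(1, sizeof *c->local);
    c->dev = fail ? NULL : calloc(1, sizeof *c->dev);
    if (!c->local || !c->dev) {
        free(c->dev); free(c->local);
        c->dev = c->local = NULL;
        return -1;
    }
    return 0;
}

/* 1 = torn down, 0 = skipped by the guard, -1 = teardown reached with no
 * device: the NULL dereference, reported here instead of executed. */
static int chan_unregister(struct model_chan *c, int guarded)
{
    if (guarded && c->local == NULL)
        return 0; /* the check the fix adds */
    if (c->dev == NULL)
        return -1;
    free(c->dev); free(c->local);
    c->dev = c->local = NULL;
    return 1;
}

/* Device-level unregister walks every channel unconditionally. */
static int device_unregister_all(struct model_chan *ch, int n, int guarded)
{
    int faults = 0;
    for (int i = 0; i < n; i++)
        faults += chan_unregister(&ch[i], guarded) < 0;
    return faults;
}

int main(void)
{
    struct model_chan ch[3];
    for (int i = 0; i < 3; i++)
        chan_register(&ch[i], i == 1); /* channel 1 fails to register */
    return device_unregister_all(ch, 3, 1); /* 0 faults with the guard */
}
```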

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.6 (including) 5.10.210 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.149 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.76 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.3 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*