CVE-2023-52765

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
21/05/2024
Last modified:
02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mfd: qcom-spmi-pmic: Fix revid implementation

The Qualcomm SPMI PMIC revid implementation is broken in multiple ways.

First, it assumes that just because the sibling base device has been registered that means that it is also bound to a driver, which may not be the case (e.g. due to probe deferral or asynchronous probe). This could trigger a NULL-pointer dereference when attempting to access the driver data of the unbound device.

Second, it accesses driver data of a sibling device directly and without any locking, which means that the driver data may be freed while it is being accessed (e.g. on driver unbind).

Third, it leaks a struct device reference to the sibling device which is looked up using the spmi_device_from_of() every time a function (child) device is calling the revid function (e.g. on probe).

Fix this mess by reimplementing the revid lookup so that it is done only at probe of the PMIC device; the base device fetches the revid info from the hardware, while any secondary SPMI device fetches the information from the base device and caches it so that it can be accessed safely from its children. If the base device has not been probed yet then probe of a secondary device is deferred.
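The three defects and the fix pattern are easier to see side by side in a small model. The following is an added example written for this page, not code from the kernel or from the qcom-spmi-pmic driver: it is a user-space C model in which `lookup_base()` stands in for a reference-taking sibling lookup such as spmi_device_from_of(), `driver_data` stands in for dev_get_drvdata(), and the device structures, the `run_scenario()` runner and the register values it feeds to `base_probe()` are constructed for the demonstration. The broken helper shows the "registered but not bound" case yielding a missing driver-data pointer (returned as NULL here rather than dereferenced) and a leaked reference; the fixed path does the lookup once at probe, returns a deferral code when the base is not yet bound, caches the revid, and drops the reference.

```c
#include <errno.h>
#include <stdlib.h>

/* EPROBE_DEFER is a kernel-internal errno; defined here for the model. */
#ifndef EPROBE_DEFER
#define EPROBE_DEFER 517
#endif

struct revid_info {
    unsigned int subtype;
    unsigned int major;
    unsigned int minor;
};

/* What the base PMIC driver keeps in its driver data (model, not the real layout). */
struct pmic_drvdata {
    struct revid_info revid;
};

/* Hypothetical device model: registration and driver binding are separate steps. */
struct dev {
    const char *name;
    int registered;                   /* a sibling lookup by OF node would succeed */
    struct pmic_drvdata *driver_data; /* NULL until a driver is bound */
    int refcount;                     /* models get_device()/put_device() balance */
    struct dev *base;                 /* secondary -> base sibling; NULL for the base */
    struct revid_info cached;         /* fix: copy of the base revid, filled at probe */
    int have_revid;
};

/* Models a lookup that returns a reference the caller must drop. */
static struct dev *lookup_base(struct dev *sec)
{
    if (!sec->base || !sec->base->registered)
        return NULL;
    sec->base->refcount++;
    return sec->base;
}

static void put_dev(struct dev *d) { d->refcount--; }

/* Base device probe: reads revid from "hardware" (constructed register values). */
static int base_probe(struct dev *base, unsigned int reg_subtype, unsigned int reg_rev)
{
    struct pmic_drvdata *dd = calloc(1, sizeof(*dd));
    if (!dd)
        return -ENOMEM;
    dd->revid.subtype = reg_subtype;
    dd->revid.major = reg_rev >> 8;
    dd->revid.minor = reg_rev & 0xff;
    base->driver_data = dd;
    return 0;
}

/* BROKEN pattern from the advisory: looks the sibling up on every call, treats
 * "registered" as "bound", and never drops the reference. The original code
 * dereferenced the driver data here; this model returns NULL instead. */
static const struct revid_info *broken_get_revid(struct dev *sec)
{
    struct dev *base = lookup_base(sec);   /* reference is never put back */
    if (!base)
        return NULL;
    return base->driver_data ? &base->driver_data->revid : NULL;
}

/* FIXED pattern: the secondary device fetches and caches the revid once at its
 * own probe, defers until the base is bound, and balances the reference. */
static int secondary_probe(struct dev *sec)
{
    struct dev *base = lookup_base(sec);
    int ret;

    if (!base)
        return -ENODEV;
    if (!base->driver_data) {
        ret = -EPROBE_DEFER;              /* registered but not yet bound */
    } else {
        sec->cached = base->driver_data->revid;
        sec->have_revid = 1;
        ret = 0;
    }
    put_dev(base);
    return ret;
}

/* Children of the secondary read the cached copy: no sibling access, no lifetime race. */
static int fixed_get_revid(const struct dev *sec, struct revid_info *out)
{
    if (!sec->have_revid)
        return -ENODEV;
    *out = sec->cached;
    return 0;
}

struct scenario_result { int first_probe; int second_probe; int leaked_refs; unsigned int subtype; };

/* Walks the constructed scenario: base registered but unbound, then bound. */
static struct scenario_result run_scenario(void)
{
    struct dev base = { .name = "pmic-base", .registered = 1 };
    struct dev sec = { .name = "pmic-secondary", .registered = 1, .base = &base };
    struct scenario_result r = {0};
    struct revid_info info = {0};

    (void)broken_get_revid(&sec);           /* finds no driver data, leaks one ref */
    r.leaked_refs = base.refcount;          /* 1 */
    r.first_probe = secondary_probe(&sec);  /* -EPROBE_DEFER: base not bound yet */
    base_probe(&base, 0x1b, 0x0203);
    r.second_probe = secondary_probe(&sec); /* 0: revid now cached in sec */
    fixed_get_revid(&sec, &info);
    r.subtype = info.subtype;
    free(base.driver_data);
    return r;
}
```

The point of `secondary_probe()` returning `-EPROBE_DEFER` is that the driver core re-runs the probe later, so a base device that binds asynchronously is handled by ordering rather than by a NULL check at every call site; the cached copy also removes the need to lock against the base driver's unbind when children read the revid.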

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.0 (including) 6.1.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6 (including) 6.6.3 (excluding)