CVE-2023-52808

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs<br /> <br /> If init debugfs failed during device registration due to memory allocation<br /> failure, debugfs_remove_recursive() is called, after which debugfs_dir is<br /> not set to NULL. debugfs_remove_recursive() will be called again during<br /> device removal. As a result, illegal pointer is accessed.<br /> <br /> [ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs!<br /> ...<br /> [ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0<br /> [ 1669.872669] pc : down_write+0x24/0x70<br /> [ 1669.876315] lr : down_write+0x1c/0x70<br /> [ 1669.879961] sp : ffff000036f53a30<br /> [ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8<br /> [ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000<br /> [ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270<br /> [ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8<br /> [ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310<br /> [ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10<br /> [ 1669.914982] x17: 0000000000000000 x16: 0000000000000000<br /> [ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870<br /> [ 1669.925555] x13: 0000000000000040 x12: 0000000000000228<br /> [ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0<br /> [ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10<br /> [ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff<br /> [ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00<br /> [ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000<br /> [ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001<br /> [ 1669.962563] Call trace:<br /> [ 1669.965000] down_write+0x24/0x70<br /> [ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0<br /> [ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main]<br /> [ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw]<br /> [ 1669.984175] pci_device_remove+0x48/0xd8<br /> [ 1669.988082] device_release_driver_internal+0x1b4/0x250<br /> [ 1669.993282] device_release_driver+0x28/0x38<br /> [ 1669.997534] pci_stop_bus_device+0x84/0xb8<br /> [ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40<br /> [ 1670.007244] remove_store+0xfc/0x140<br /> [ 1670.010802] dev_attr_store+0x44/0x60<br /> [ 1670.014448] sysfs_kf_write+0x58/0x80<br /> [ 1670.018095] kernfs_fop_write+0xe8/0x1f0<br /> [ 1670.022000] __vfs_write+0x60/0x190<br /> [ 1670.025472] vfs_write+0xac/0x1c0<br /> [ 1670.028771] ksys_write+0x6c/0xd8<br /> [ 1670.032071] __arm64_sys_write+0x24/0x30<br /> [ 1670.035977] el0_svc_common+0x78/0x130<br /> [ 1670.039710] el0_svc_handler+0x38/0x78<br /> [ 1670.043442] el0_svc+0x8/0xc<br /> <br /> To fix this, set debugfs_dir to NULL after debugfs_remove_recursive().