CVE-2023-52899

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Add exception protection processing for vd in axi_chan_handle_err function<br /> <br /> Since there is no protection for vd, a kernel panic will be<br /> triggered here in exceptional cases.<br /> <br /> You can refer to the processing of axi_chan_block_xfer_complete function<br /> <br /> The triggered kernel panic is as follows:<br /> <br /> [ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060<br /> [ 67.848447] Mem abort info:<br /> [ 67.848449] ESR = 0x96000004<br /> [ 67.848451] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [ 67.848454] SET = 0, FnV = 0<br /> [ 67.848456] EA = 0, S1PTW = 0<br /> [ 67.848458] Data abort info:<br /> [ 67.848460] ISV = 0, ISS = 0x00000004<br /> [ 67.848462] CM = 0, WnR = 0<br /> [ 67.848465] user pgtable: 4k pages, 48-bit VAs, pgdp=00000800c4c0b000<br /> [ 67.848468] [0000000000000060] pgd=0000000000000000, p4d=0000000000000000<br /> [ 67.848472] Internal error: Oops: 96000004 [#1] SMP<br /> [ 67.848475] Modules linked in: dmatest<br /> [ 67.848479] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.100-emu_x2rc+ #11<br /> [ 67.848483] pstate: 62000085 (nZCv daIf -PAN -UAO +TCO BTYPE=--)<br /> [ 67.848487] pc : axi_chan_handle_err+0xc4/0x230<br /> [ 67.848491] lr : axi_chan_handle_err+0x30/0x230<br /> [ 67.848493] sp : ffff0803fe55ae50<br /> [ 67.848495] x29: ffff0803fe55ae50 x28: ffff800011212200<br /> [ 67.848500] x27: ffff0800c42c0080 x26: ffff0800c097c080<br /> [ 67.848504] x25: ffff800010d33880 x24: ffff80001139d850<br /> [ 67.848508] x23: ffff0800c097c168 x22: 0000000000000000<br /> [ 67.848512] x21: 0000000000000080 x20: 0000000000002000<br /> [ 67.848517] x19: ffff0800c097c080 x18: 0000000000000000<br /> [ 67.848521] x17: 0000000000000000 x16: 0000000000000000<br /> [ 67.848525] x15: 0000000000000000 x14: 0000000000000000<br /> [ 67.848529] x13: 0000000000000000 x12: 0000000000000040<br /> [ 67.848533] x11: ffff0800c0400248 x10: ffff0800c040024a<br /> [ 67.848538] x9 : ffff800010576cd4 x8 : ffff0800c0400270<br /> [ 67.848542] x7 : 0000000000000000 x6 : ffff0800c04003e0<br /> [ 67.848546] x5 : ffff0800c0400248 x4 : ffff0800c4294480<br /> [ 67.848550] x3 : dead000000000100 x2 : dead000000000122<br /> [ 67.848555] x1 : 0000000000000100 x0 : ffff0800c097c168<br /> [ 67.848559] Call trace:<br /> [ 67.848562] axi_chan_handle_err+0xc4/0x230<br /> [ 67.848566] dw_axi_dma_interrupt+0xf4/0x590<br /> [ 67.848569] __handle_irq_event_percpu+0x60/0x220<br /> [ 67.848573] handle_irq_event+0x64/0x120<br /> [ 67.848576] handle_fasteoi_irq+0xc4/0x220<br /> [ 67.848580] __handle_domain_irq+0x80/0xe0<br /> [ 67.848583] gic_handle_irq+0xc0/0x138<br /> [ 67.848585] el1_irq+0xc8/0x180<br /> [ 67.848588] arch_cpu_idle+0x14/0x2c<br /> [ 67.848591] default_idle_call+0x40/0x16c<br /> [ 67.848594] do_idle+0x1f0/0x250<br /> [ 67.848597] cpu_startup_entry+0x2c/0x60<br /> [ 67.848600] rest_init+0xc0/0xcc<br /> [ 67.848603] arch_call_rest_init+0x14/0x1c<br /> [ 67.848606] start_kernel+0x4cc/0x500<br /> [ 67.848610] Code: eb0002ff 9a9f12d6 f2fbd5a2 f2fbd5a3 (a94602c1)<br /> [ 67.848613] ---[ end trace 585a97036f88203a ]---