Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-53452

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
01/10/2025
Last modified:
16/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: rtw89: fix potential race condition between napi_init and napi_enable<br /> <br /> A race condition can happen if netdev is registered, but NAPI isn&amp;#39;t<br /> initialized yet, and meanwhile user space starts the netdev that will<br /> enable NAPI. Then, it hits BUG_ON():<br /> <br /> kernel BUG at net/core/dev.c:6423!<br /> invalid opcode: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 0 PID: 417 Comm: iwd Not tainted 6.2.7-slab-dirty #3 eb0f5a8a9d91<br /> Hardware name: LENOVO 21DL/LNVNB161216, BIOS JPCN20WW(V1.06) 09/20/2022<br /> RIP: 0010:napi_enable+0x3f/0x50<br /> Code: 48 89 c2 48 83 e2 f6 f6 81 89 08 00 00 02 74 0d 48 83 ...<br /> RSP: 0018:ffffada1414f3548 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: ffffa01425802080 RCX: 0000000000000000<br /> RDX: 00000000000002ff RSI: ffffada14e50c614 RDI: ffffa01425808dc0<br /> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000001 R11: 0000000000000100 R12: ffffa01425808f58<br /> R13: 0000000000000000 R14: ffffa01423498940 R15: 0000000000000001<br /> FS: 00007f5577c0a740(0000) GS:ffffa0169fc00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f5577a19972 CR3: 0000000125a7a000 CR4: 0000000000750ef0<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> rtw89_pci_ops_start+0x1c/0x70 [rtw89_pci 6cbc75429515c181cbc386478d5cfb32ffc5a0f8]<br /> rtw89_core_start+0xbe/0x160 [rtw89_core fe07ecb874820b6d778370d4acb6ef8a37847f22]<br /> rtw89_ops_start+0x26/0x40 [rtw89_core fe07ecb874820b6d778370d4acb6ef8a37847f22]<br /> drv_start+0x42/0x100 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]<br /> ieee80211_do_open+0x311/0x7d0 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]<br /> ieee80211_open+0x6a/0x90 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]<br /> __dev_open+0xe0/0x180<br /> __dev_change_flags+0x1da/0x250<br /> dev_change_flags+0x26/0x70<br /> do_setlink+0x37c/0x12c0<br /> ? ep_poll_callback+0x246/0x290<br /> ? __nla_validate_parse+0x61/0xd00<br /> ? __wake_up_common_lock+0x8f/0xd0<br /> <br /> To fix this, follow Jonas&amp;#39; suggestion to switch the order of these<br /> functions and move register netdev to be the last step of PCI probe.<br /> Also, correct the error handling of rtw89_core_register_hw().

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 4.70 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
4.70
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.28 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.2.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.3 (including) 6.3.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools