CVE-2023-52567
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
02/03/2024
Last modified:
11/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
serial: 8250_port: Check IRQ data before use<br />
<br />
In case the leaf driver wants to use IRQ polling (irq = 0) and<br />
IIR register shows that an interrupt happened in the 8250 hardware<br />
the IRQ data can be NULL. In such a case we need to skip the wake<br />
event as we came to this path from the timer interrupt and quite<br />
likely system is already awake.<br />
<br />
Without this fix we have got an Oops:<br />
<br />
serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A<br />
...<br />
BUG: kernel NULL pointer dereference, address: 0000000000000010<br />
RIP: 0010:serial8250_handle_irq+0x7c/0x240<br />
Call Trace:<br />
? serial8250_handle_irq+0x7c/0x240<br />
? __pfx_serial8250_timeout+0x10/0x10
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.315 (including) | 4.14.327 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.283 (including) | 4.19.296 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.243 (including) | 5.4.258 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.180 (including) | 5.10.198 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.111 (including) | 5.15.134 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.28 (including) | 6.1.56 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4 (including) | 6.5.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2
- https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933
- https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742
- https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a
- https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b
- https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014
- https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7
- https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847
- https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2
- https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933
- https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742
- https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a
- https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b
- https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014
- https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7
- https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847