Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2023-52586

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
06/03/2024
Last modified:
14/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dpu: Add mutex lock in control vblank irq<br /> <br /> Add a mutex lock to control vblank irq to synchronize vblank<br /> enable/disable operations happening from different threads to prevent<br /> race conditions while registering/unregistering the vblank irq callback.<br /> <br /> v4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a<br /> parameter of dpu_encoder_phys.<br /> -Switch from atomic refcnt to a simple int counter as mutex has<br /> now been added<br /> v3: Mistakenly did not change wording in last version. It is done now.<br /> v2: Slightly changed wording of commit message<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/571854/

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.00 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.00
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7.4 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools