CVE-2023-52872

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tty: n_gsm: fix race condition in status line change on dead connections<br /> <br /> gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all<br /> timers, removing the virtual tty devices and clearing the data queues.<br /> This procedure, however, may cause subsequent changes of the virtual modem<br /> status lines of a DLCI. More data is being added the outgoing data queue<br /> and the deleted kick timer is restarted to handle this. At this point many<br /> resources have already been removed by the cleanup procedure. Thus, a<br /> kernel panic occurs.<br /> <br /> Fix this by proving in gsm_modem_update() that the cleanup procedure has<br /> not been started and the mux is still alive.<br /> <br /> Note that writing to a virtual tty is already protected by checks against<br /> the DLCI specific connection state.