CVE-2023-53011

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: stmmac: enable all safety features by default<br /> <br /> In the original implementation of dwmac5<br /> commit 8bf993a5877e ("net: stmmac: Add support for DWMAC5 and implement Safety Features")<br /> all safety features were enabled by default.<br /> <br /> Later it seems some implementations didn&amp;#39;t have support for all the<br /> features, so in<br /> commit 5ac712dcdfef ("net: stmmac: enable platform specific safety features")<br /> the safety_feat_cfg structure was added to the callback and defined for<br /> some platforms to selectively enable these safety features.<br /> <br /> The problem is that only certain platforms were given that software<br /> support. If the automotive safety package bit is set in the hardware<br /> features register the safety feature callback is called for the platform,<br /> and for platforms that didn&amp;#39;t get a safety_feat_cfg defined this results<br /> in the following NULL pointer dereference:<br /> <br /> [ 7.933303] Call trace:<br /> [ 7.935812] dwmac5_safety_feat_config+0x20/0x170 [stmmac]<br /> [ 7.941455] __stmmac_open+0x16c/0x474 [stmmac]<br /> [ 7.946117] stmmac_open+0x38/0x70 [stmmac]<br /> [ 7.950414] __dev_open+0x100/0x1dc<br /> [ 7.954006] __dev_change_flags+0x18c/0x204<br /> [ 7.958297] dev_change_flags+0x24/0x6c<br /> [ 7.962237] do_setlink+0x2b8/0xfa4<br /> [ 7.965827] __rtnl_newlink+0x4ec/0x840<br /> [ 7.969766] rtnl_newlink+0x50/0x80<br /> [ 7.973353] rtnetlink_rcv_msg+0x12c/0x374<br /> [ 7.977557] netlink_rcv_skb+0x5c/0x130<br /> [ 7.981500] rtnetlink_rcv+0x18/0x2c<br /> [ 7.985172] netlink_unicast+0x2e8/0x340<br /> [ 7.989197] netlink_sendmsg+0x1a8/0x420<br /> [ 7.993222] ____sys_sendmsg+0x218/0x280<br /> [ 7.997249] ___sys_sendmsg+0xac/0x100<br /> [ 8.001103] __sys_sendmsg+0x84/0xe0<br /> [ 8.004776] __arm64_sys_sendmsg+0x24/0x30<br /> [ 8.008983] invoke_syscall+0x48/0x114<br /> [ 8.012840] el0_svc_common.constprop.0+0xcc/0xec<br /> [ 8.017665] do_el0_svc+0x38/0xb0<br /> [ 8.021071] el0_svc+0x2c/0x84<br /> [ 8.024212] el0t_64_sync_handler+0xf4/0x120<br /> [ 8.028598] el0t_64_sync+0x190/0x194<br /> <br /> Go back to the original behavior, if the automotive safety package<br /> is found to be supported in hardware enable all the features unless<br /> safety_feat_cfg is passed in saying this particular platform only<br /> supports a subset of the features.