CVE-2023-52492 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fix NULL pointer in channel unregistration function

__dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer:

[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
[...]
[ 1.484499] Call trace:
[ 1.486930] device_del+0x40/0x394
[ 1.490314] device_unregister+0x20/0x7c
[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0

Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL.

Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
NIST CVSS score: N/A (NVD assessment not yet provided.)

References to Advisories, Solutions, and Tools


Hyperlink
https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79
https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08
https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b
https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0
https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17
https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Weakness Enumeration

CWE-ID  | CWE Name                 | Source
CWE-476 | NULL Pointer Dereference | CISA-ADP

Change History

7 change records found

Quick Info

CVE Dictionary Entry: CVE-2023-52492
NVD Published Date: 03/11/2024
NVD Last Modified: 11/21/2024
Source: kernel.org