U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2023-52855 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue(): spin_lock_irqsave(&hsotg->lock, flags); ... if (!urb->hcpriv) { dev_dbg(hsotg->dev, "## urb->hcpriv is NULL ##\n"); goto out; } rc = dwc2_hcd_urb_dequeue(hsotg, urb->hcpriv); // Use urb->hcpriv ... out: spin_unlock_irqrestore(&hsotg->lock, flags); When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are concurrently executed, the NULL check of "urb->hcpriv" can be executed before "urb->hcpriv = NULL". After urb->hcpriv is NULL, it can be used in the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL pointer dereference. This possible bug is found by an experimental static analysis tool developed by myself. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. The above possible bug is reported, when my tool analyzes the source code of Linux 6.5. To fix this possible bug, "urb->hcpriv = NULL" should be executed with holding the lock "hsotg->lock". After using this patch, my tool never reports the possible bug, with the kernelconfiguration allyesconfig for x86_64. Because I have no associated hardware, I cannot test the patch in runtime testing, and just verify it according to the code logic.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72 Patch 
https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72 Patch 
https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d Patch 
https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d Patch 
https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e Patch 
https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e Patch 
https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790 Patch 
https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790 Patch 
https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90 Patch 
https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90 Patch 
https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6 Patch 
https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6 Patch 
https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6 Patch 
https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6 Patch 
https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001 Patch 
https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001 Patch 
https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d Patch 
https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-476 NULL Pointer Dereference CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
4.2		Up to (excluding)
4.14.330
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
4.15		Up to (excluding)
4.19.299
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
4.20		Up to (excluding)
5.4.261
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
5.5		Up to (excluding)
5.10.201
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
5.11		Up to (excluding)
5.15.139
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
5.16		Up to (excluding)
6.1.63
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
6.2		Up to (excluding)
6.5.12
 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
   Show Matching CPE(s) 		From (including)
6.6		Up to (excluding)
6.6.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-52855
NVD Published Date:
05/21/2024
NVD Last Modified:
04/02/2025
Source:
kernel.org