Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2023-52749HistoryMay 21, 2024 - 4:15 p.m.
CVE-2023-52749
2024-05-2116:15:14
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
1
linux kernel
vulnerability
fix
null dereference
race condition
system suspend
spi
In the Linux kernel, the following vulnerability has been resolved:
spi: Fix null dereference on suspend
A race condition exists where a synchronous (noqueue) transfer can be
active during a system suspend. This can cause a null pointer
dereference exception to occur when the system resumes.
Example order of events leading to the exception:
- spi_sync() calls __spi_transfer_message_noqueue() which sets
ctlr->cur_msg - Spi transfer begins via spi_transfer_one_message()
- System is suspended interrupting the transfer context
- System is resumed
- spi_controller_resume() calls spi_start_queue() which resets cur_msg
to NULL - Spi transfer context resumes and spi_finalize_current_message() is
called which dereferences cur_msg (which is now NULL)
Wait for synchronous transfers to complete before suspending by
acquiring the bus mutex and setting/checking a suspend flag.
Related
cve
cve
CVE-2023-52749
2024-05-21 16:15:14
cvelist
cvelist
CVE-2023-52749 spi: Fix null dereference on suspend
2024-05-21 15:30:38
redhatcve
redhatcve
CVE-2023-52749
2024-06-12 00:27:39
debiancve
debiancve
CVE-2023-52749
2024-05-21 16:15:14
osv
osv
CVE-2023-52749
2024-05-21 16:15:00
vulnrichment
vulnrichment
CVE-2023-52749 spi: Fix null dereference on suspend
2024-05-21 15:30:38
ubuntucve
ubuntucve
CVE-2023-52749
2024-05-21 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2571-1)
2024-07-23 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2896-1)
2024-08-14 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2973-1)
2024-08-21 00:00:00