CVE-2023-52457

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: 8250: omap: no omita la liberación de recursos si pm_runtime_resume_and_get() falla. Devolver un código de error desde .remove() hace que el núcleo del controlador emita el pequeño y útil mensaje de error: eliminar la devolución de llamada devolvió un valor distinto de cero. Esto será ignorado. y luego retire el dispositivo de todos modos. Entonces, en este caso, todos los recursos que no fueron liberados se filtran. Omitir serial8250_unregister_port() tiene el potencial de mantener suficiente UART disponible para desencadenar un use-after-free. Así que reemplace el retorno de error (y con él el pequeño mensaje de error útil) por un mensaje de error más útil y continúe con la limpieza.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-23 CVE Published
2024-05-01 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/2d66412563ef8953e2bac2d98d2d832b3f3f49cd	Vuln. Introduced
https://git.kernel.org/stable/c/d833cba201adf9237168e19f0d76e4d7aa69f303	Vuln. Introduced
https://git.kernel.org/stable/c/e0db709a58bdeb8966890882261a3f8438c5c9b7	Vuln. Introduced
https://git.kernel.org/stable/c/e3f0c638f428fd66b5871154b62706772045f91a	Vuln. Introduced
https://git.kernel.org/stable/c/02eed6390dbe61115f3e3f63829c95c611aee67b	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93	2024-01-25
https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0	2024-01-25
https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690	2024-01-25
https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494	2024-01-25
https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b	2024-01-25
https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee	2024-01-25
https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e	2023-11-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.225 < 5.4.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.225 < 5.4.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.156 < 5.10.209 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.156 < 5.10.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.80 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.80 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.10 Search vendor "Linux" for product "Linux Kernel" and version "6.0.10"		en		Affected