CVE-2023-52567

serial: 8250_port: Check IRQ data before use

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250_port: Check IRQ data before use

In case the leaf driver wants to use IRQ polling (irq = 0) and
IIR register shows that an interrupt happened in the 8250 hardware
the IRQ data can be NULL. In such a case we need to skip the wake
event as we came to this path from the timer interrupt and quite
likely system is already awake.

Without this fix we have got an Oops:

serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A
...
BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:serial8250_handle_irq+0x7c/0x240
Call Trace:
? serial8250_handle_irq+0x7c/0x240
? __pfx_serial8250_timeout+0x10/0x10

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-02 CVE Reserved
2024-03-02 CVE Published
2024-03-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/edfe57aedff4ecf3606533aabf8ecf7676c3c5d9	Vuln. Introduced
https://git.kernel.org/stable/c/0bd49a043c7984c93c2a0af41222fb71c3986a4e	Vuln. Introduced
https://git.kernel.org/stable/c/572d48361aa0a6e6f16c1470e5407de183493d0c	Vuln. Introduced
https://git.kernel.org/stable/c/d5d628fea5f6181809a9d61b04de6ade53277684	Vuln. Introduced
https://git.kernel.org/stable/c/424cf29296354d7b9c6c038aaa7bb71782100851	Vuln. Introduced
https://git.kernel.org/stable/c/727e92fe13e81c6088a88d83e466b2b1b553c4e3	Vuln. Introduced
https://git.kernel.org/stable/c/0ba9e3a13c6adfa99e32b2576d20820ab10ad48a	Vuln. Introduced
https://git.kernel.org/stable/c/d7c6aa39eb041e2a6a53106104200d11e2acc87f	Vuln. Introduced
https://git.kernel.org/stable/c/f5fd2fd999b364801e9790c6f69f3fe3f40ed60f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847	2023-10-10
https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a	2023-10-10
https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742	2023-10-10
https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014	2023-10-10
https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2	2023-10-06
https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7	2023-10-06
https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933	2023-10-06
https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b	2023-09-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.315 < 4.14.327 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.315 < 4.14.327"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.283 < 4.19.296 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.283 < 4.19.296"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.243 < 5.4.258 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.243 < 5.4.258"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.180 < 5.10.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.180 < 5.10.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.111 < 5.15.134 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.111 < 5.15.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.28 < 6.1.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.28 < 6.1.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.5.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.5.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.2.15 Search vendor "Linux" for product "Linux Kernel" and version "6.2.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.3.2 Search vendor "Linux" for product "Linux Kernel" and version "6.3.2"		en		Affected