CVE-2023-52613

drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need
-ENODEV as the right value for comparison.

Otherwise, tz->type is NULL when thermal-zones is undefined, resulting
in the following error:

[ 12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8
[ 12.302877] Oops[#1]:
[ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385
[ 12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10
[ 12.320739] a0 0000000000000000 a1 fffffffffffffff1 a2 0000000000000014 a3 0000000000000001
[ 12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c
[ 12.337606] t0 fffffffffffffff1 t1 54567fd5da9b4fd4 t2 900000010614ec40 t3 00000000000dc901
[ 12.346041] t4 0000000000000000 t5 0000000000000004 t6 900000010614ee20 t7 900000000d00b790
[ 12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40
[ 12.362916] s1 90000000039fced0 s2 ffffffffffffffed s3 ffffffffffffffed s4 9000000003acc000
[ 12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8
[ 12.362938] ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300
[ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160
[ 12.391626] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 12.397898] PRMD: 00000004 (PPLV0 +PIE -PWE)
[ 12.403678] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[ 12.409859] ECFG: 00071c1c (LIE=2-4,10-12 VS=7)
[ 12.415882] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[ 12.415907] BADV: fffffffffffffff1
[ 12.415911] PRID: 0014a000 (Loongson-64bit, Loongson-2K1000)
[ 12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc
[ 12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3)
[ 12.415961] Stack : 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358
[ 12.415982] ffffffffffffffed 0000000000000004 9000000107a10aa8 90000001002a3410
[ 12.415999] ffffffffffffffed ffffffffffffffed 9000000107a11268 9000000003157ab0
[ 12.416016] 9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed
[ 12.416032] 0000000000000024 ffffff80020cc1e8 900000000402b2a0 9000000003acc000
[ 12.416048] 90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410
[ 12.416065] 0000000000000000 9000000002df6808 90000001002a3410 0000000000000000
[ 12.416081] ffffff80020f4030 0000000000000000 90000001002a3410 9000000002df2ba8
[ 12.416097] 00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002
[ 12.416114] ffffff80020f4030 fffffffffffffff0 90000001002a3410 9000000002df2f30
[ 12.416131] ...
[ 12.416138] Call Trace:
[ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160
[ 12.416167] [<90000000031579b8>] thermal_add_hwmon_sysfs+0x258/0x300
[ 12.416183] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0
[ 12.416200] [<ffffff80020cc1e8>] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal]
[ 12.416232] [<9000000002df6808>] platform_probe+0x68/0x140
[ 12.416249] [<9000000002df2ba8>] really_probe+0xc8/0x3c0
[ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180
[ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160
[ 12.416302] [<9000000002df33a8>] __driver_attach+0xa8/0x200
[ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120
[ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0
[ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160
[ 12.416358] [<90000000022201a4>] do_one_initcall+0x84/0x220
[ 12.416372] [<90000000022f3ab8>] do_init_module+0x58/0x2c0
[
---truncated---

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drivers/thermal/loongson2_thermal: corrige el juicio PTR_ERR() incorrecto. PTR_ERR() devuelve -ENODEV cuando las zonas térmicas no están definidas y necesitamos -ENODEV como el valor correcto para comparar. De lo contrario, tz->type es NULL cuando las zonas térmicas no están definidas, lo que genera el siguiente error: [12.290030] CPU 1 No se puede manejar la solicitud de paginación del kernel en la dirección virtual ffffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8 [ 12.302877] Ups [#1]: [ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd No contaminado 6.6.0-rc7+ #5385 [ 12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10 [ 12.320739] a0 0000000000000000 a1 ffffffffffffffff1 a2 0000000000000014 a3 0000000000000001 [ 12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c [ 12.337606] t0 ffffffffffffffff1 t1 54567fd5da9b 4fd4 t2 900000010614ec40 t3 00000000000dc901 [ 12.346041] t4 0000000000000000 t5 00000000000000004 t6 900000010614ee20 t7 900000000d00b 790 [ 12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40 [ 12.362916] s1 90000000039fced0 s2 ffffffffffffffff s3 ffffffffffffffff s4 9000000003acc000 [ 12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8 [ 12.362938] ra: 90000000031579b8 Thermal_add_hwmon_sysfs+0x258/0x300 [ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160 [ 12.391626] CRMD: 00000 0b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 12.397898] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 12.403678] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 12.409859] ECFG: 00071c1c (LIE=2 -4,10-12 vs = 7) [12.415882] ESTAT: 00010000 [PIL] (IS = ECODE = 1 ESUBCODE = 0) [12.415907] BADV: FFFFFFFFFFFFFF1 [12.415911] PRID: 0014A000 (Loongson-64bit, Loongson-24000) [12.415917] Módulos vinculados en: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc [12.415950] Proceso systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3) [ 12.415961] Pila: 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358 [12.415982] ffffffffffffff 0000000000000004 9000000107a10aa8 90000001002a3410 [ 12.415999] ffffffffffffff ffffffffffffff 9000000107a11268 9000000003157ab0 [ 12.416016] 9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed [ 12.416032] 00000000000000024 ffffff80020cc1e8 900000000402b2 a0 9000000003acc000 [ 12.416048] 90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410 [ 12.416065] 00000000000000000 9000000002df6808 90000001002a3410 0000000000000000 [ 12.416081] ffffff80020f4030 00000000000000000 90000001002a3410 9000000002df2ba 8 [ 12.416097] 00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002 [ 12.416114] ffffff80020f4030 ffffffffffffff0 90000001002a3410 9000000002df2f30 [ 12 .416131] ... [ 12.416138] Seguimiento de llamadas: [ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160 [ 12.416167] [<90000000031579b8>] Thermal_add_hwmon_sysfs+0x258/0 x300 [12.416183 ] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0 [ 12.416200] [] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal] [ 12.416232] [<9 000000002df6808>] plataforma_probe+0x68/0x140 [ 12.416249] [<9000000002df2ba8>] realmente_probe+ 0xc8/0x3c0 [ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180 [ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160 [ 12.41630 2] [<9000000002df33a8>] __driver_attach+0xa8/0x200 [ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120 [ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0 [ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160 [ 12.41 6358] [<90000000022201a4>] do_one_initcall+0x84/0x220 [ 12.416372] [<90000000022f3ab8 >] do_init_module+0x58/0x2c0 [ ---truncado---

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-03-18 CVE Published
2024-03-19 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/e7e3a7c35791fe7a70997883fb8ada5866a40f4d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/70481755ed77400e783200e2d022e5fea16060ce	2024-01-25
https://git.kernel.org/stable/c/6010a9fc14eb1feab5cafd84422001134fe8ec58	2024-01-25
https://git.kernel.org/stable/c/15ef92e9c41124ee9d88b01208364f3fe1f45f84	2024-01-02

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.8"		en		Affected