CVE-2023-52627
iio: adc: ad7091r: Allow users to configure device events
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with
the ad7091r-base driver. Those drivers declared iio events for notifying
user space when ADC readings fall bellow the thresholds of low limit
registers or above the values set in high limit registers.
However, to configure iio events and their thresholds, a set of callback
functions must be implemented and those were not present until now.
The consequence of trying to configure ad7091r-5 events without the
proper callback functions was a null pointer dereference in the kernel
because the pointers to the callback functions were not set. Implement event configuration callbacks allowing users to read/write
event thresholds and enable/disable event generation. Since the event spec structs are generic to AD7091R devices, also move
those from the ad7091r-5 driver the base driver so they can be reused
when support for ad7091r-2/-4/-8 be added.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iio: adc: ad7091r: permitir a los usuarios configurar eventos de dispositivo Los dispositivos AD7091R-5 son compatibles con el controlador ad7091r-5 junto con el controlador ad7091r-base. Esos controladores declararon eventos iio para notificar al espacio del usuario cuando las lecturas de ADC caen por debajo de los umbrales de los registros de límite bajo o por encima de los valores establecidos en los registros de límite alto. Sin embargo, para configurar los eventos de iio y sus umbrales, se debe implementar un conjunto de funciones de devolución de llamada que no estaban presentes hasta ahora. La consecuencia de intentar configurar eventos ad7091r-5 sin las funciones de devolución de llamada adecuadas fue una desreferencia del puntero nulo en el kernel porque los punteros a las funciones de devolución de llamada no estaban configurados. Implemente devoluciones de llamadas de configuración de eventos que permitan a los usuarios leer/escribir umbrales de eventos y habilitar/deshabilitar la generación de eventos. Dado que las estructuras de especificaciones de eventos son genéricas para los dispositivos AD7091R, también mueva las del controlador ad7091r-5 al controlador base para que puedan reutilizarse cuando se agregue soporte para ad7091r-2/-4/-8.
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set. Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation. Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-06 CVE Reserved
- 2024-03-26 CVE Published
- 2024-03-27 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/ca69300173b642ba64118200172171ea5967b6c5 | Vuln. Introduced | |
| https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.210" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.149" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.76" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.6.15" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.7.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.6 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.8" | en |
Affected
| ||||||