CVE-2023-52645

pmdomain: mediatek: fix race conditions with genpd

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: mediatek: fix race conditions with genpd

If the power domains are registered first with genpd and *after that*
the driver attempts to power them on in the probe sequence, then it is
possible that a race condition occurs if genpd tries to power them on
in the same time.
The same is valid for powering them off before unregistering them
from genpd.
Attempt to fix race conditions by first removing the domains from genpd
and *after that* powering down domains.
Also first power up the domains and *after that* register them
to genpd.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: mediatek: corrige las condiciones de ejecución con genpd, si los dominios de energía se registran primero con genpd y *después de eso* el controlador intenta encenderlos en la secuencia de sonda, entonces es Es posible que se produzca una condición de ejecución si genpd intenta encenderlos al mismo tiempo. Lo mismo es válido para apagarlos antes de cancelar su registro en genpd. Intente arreglar las condiciones de ejecución eliminando primero los dominios de genpd y *después* apagando los dominios. También primero encienda los dominios y *después* regístrelos en genpd.

*Credits: N/A

CVSS Scores

NISTv3.1 4.7

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-04-17 CVE Published
2024-04-30 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/59b644b01cf48d6042f3c5983d464921a4920845	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438	2024-03-01
https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff	2024-03-01
https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25	2024-02-23
https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b	2024-02-23
https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5	2024-01-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.8"		en		Affected