CVE-2023-52853

hid: cp2112: Fix duplicate workqueue initialization

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within
cp2112_gpio_irq_startup, resulting in duplicate initilizations of the
workqueue on subsequent IRQ startups following an initial request. This
resulted in a warning in set_work_data in workqueue.c, as well as a rare
NULL dereference within process_one_work in workqueue.c. Initialize the workqueue within _probe instead.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hid: cp2112: corrige la inicialización duplicada de la cola de trabajo. Anteriormente, el controlador cp2112 llamaba INIT_DELAYED_WORK dentro de cp2112_gpio_irq_startup, lo que generaba inicializaciones duplicadas de la cola de trabajo en inicios IRQ posteriores después de una solicitud inicial. Esto resultó en una advertencia en set_work_data en workqueue.c, así como en una rara desreferencia NULL dentro de process_one_work en workqueue.c. En su lugar, inicialice la cola de trabajo dentro de _probe.

In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ startups following an initial request. This resulted in a warning in set_work_data in workqueue.c, as well as a rare NULL dereference within process_one_work in workqueue.c. Initialize the workqueue within _probe instead.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/13de9cca514ed63604263cad87ca8cb36e9b6489	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6	2023-11-20
https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819	2023-11-20
https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd	2023-11-20
https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf	2023-11-20
https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38	2023-11-20
https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592	2023-11-20
https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c	2023-11-20
https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42	2023-10-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.19.299 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.19.299"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.4.261 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.4.261"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.10.201 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.10.201"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 5.15.139 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 5.15.139"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.1.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.1.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.5.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 6.7"		en		Affected