CVE-2023-52860
drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug
callbacks after the device has been unregistered, leading to fireworks
when we try to execute empty function callbacks within the driver:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
| CPU: 0 PID: 15 Comm: cpuhp/0 Tainted: G W O 5.12.0-rc4+ #1
| Hardware name: , BIOS KpxxxFPGA 1P B600 V143 04/22/2021
| pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
| pc : perf_pmu_migrate_context+0x98/0x38c
| lr : perf_pmu_migrate_context+0x94/0x38c
|
| Call trace:
| perf_pmu_migrate_context+0x98/0x38c
| hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu]
Use cpuhp_state_remove_instance_nocalls() instead of
cpuhp_state_remove_instance() so that the notifiers don't execute after
the PMU device has been unregistered.
[will: Rewrote commit message]
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() para el proceso uninit hisi_hns3_pmu. Al derribar una PMU 'hisi_hns3', ejecutamos por error las devoluciones de llamadas de conexión en caliente de la CPU después de que el dispositivo haya sido anulado del registro, lo que lleva a a fuegos artificiales cuando intentamos ejecutar devoluciones de llamadas de funciones vacías dentro del controlador: | No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0000000000000000 | CPU: 0 PID: 15 Comunicaciones: cpuhp/0 Contaminado: GWO 5.12.0-rc4+ #1 | Nombre del hardware: , BIOS KpxxxFPGA 1P B600 V143 22/04/2021 | pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--) | ordenador personal: perf_pmu_migrate_context+0x98/0x38c | lr: perf_pmu_migrate_context+0x94/0x38c | | Rastreo de llamadas: | perf_pmu_migrate_context+0x98/0x38c | hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu] Utilice cpuhp_state_remove_instance_nocalls() en lugar de cpuhp_state_remove_instance() para que los notificadores no se ejecuten después de que el dispositivo PMU haya sido anulado del registro. [will: reescribirá el mensaje de confirmación]
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/66637ab137b44914356a9dc7a9b3f8ebcf0b0695 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.1.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.63" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.5.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.2" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7" | en |
Affected
| ||||||