CVE-2023-52872
tty: n_gsm: fix race condition in status line change on dead connections
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix race condition in status line change on dead connections
gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all
timers, removing the virtual tty devices and clearing the data queues.
This procedure, however, may cause subsequent changes of the virtual modem
status lines of a DLCI. More data is being added the outgoing data queue
and the deleted kick timer is restarted to handle this. At this point many
resources have already been removed by the cleanup procedure. Thus, a
kernel panic occurs.
Fix this by proving in gsm_modem_update() that the cleanup procedure has
not been started and the mux is still alive.
Note that writing to a virtual tty is already protected by checks against
the DLCI specific connection state.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige la condición de ejecución en la línea de estado, cambia en conexiones inactivas gsm_cleanup_mux() limpia el gsm cerrando todos los DLCI, deteniendo todos los temporizadores, eliminando los dispositivos tty virtuales y limpiando el colas de datos. Sin embargo, este procedimiento puede provocar cambios posteriores en las líneas de estado del módem virtual de un DLCI. Se agregan más datos a la cola de datos salientes y el temporizador de eliminación eliminado se reinicia para manejar esto. En este punto, el procedimiento de limpieza ya ha eliminado muchos recursos. Por tanto, se produce un pánico en el núcleo. Solucione este problema demostrando en gsm_modem_update() que el procedimiento de limpieza no se ha iniciado y que el mux sigue activo. Tenga en cuenta que la escritura en un tty virtual ya está protegida mediante comprobaciones del estado de conexión específico de DLCI.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-21 CVE Reserved
- 2024-05-21 CVE Published
- 2024-05-22 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/dd37f657387853623f20c1b2482afbb9cd8ece33 | Vuln. Introduced | |
https://git.kernel.org/stable/c/c568f7086c6e771c77aad13d727c70ef70e07243 | Vuln. Introduced | |
https://git.kernel.org/stable/c/d834aba5f30d9a6f98f4ca1eb07e501f1989331c | Vuln. Introduced | |
https://git.kernel.org/stable/c/692e847a8e6607909c4a3f98ab16ccee7849bd11 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.61 < 5.15.138 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.61 < 5.15.138" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.1.62 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.62" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.5.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.5.11" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.1" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.18.18 Search vendor "Linux" for product "Linux Kernel" and version "5.18.18" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.19.2 Search vendor "Linux" for product "Linux Kernel" and version "5.19.2" | en |
Affected
|