// For flags

CVE-2023-52872

tty: n_gsm: fix race condition in status line change on dead connections

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: fix race condition in status line change on dead connections

gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all
timers, removing the virtual tty devices and clearing the data queues.
This procedure, however, may cause subsequent changes of the virtual modem
status lines of a DLCI. More data is being added the outgoing data queue
and the deleted kick timer is restarted to handle this. At this point many
resources have already been removed by the cleanup procedure. Thus, a
kernel panic occurs.

Fix this by proving in gsm_modem_update() that the cleanup procedure has
not been started and the mux is still alive.

Note that writing to a virtual tty is already protected by checks against
the DLCI specific connection state.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige la condición de ejecución en la línea de estado, cambia en conexiones inactivas gsm_cleanup_mux() limpia el gsm cerrando todos los DLCI, deteniendo todos los temporizadores, eliminando los dispositivos tty virtuales y limpiando el colas de datos. Sin embargo, este procedimiento puede provocar cambios posteriores en las líneas de estado del módem virtual de un DLCI. Se agregan más datos a la cola de datos salientes y el temporizador de eliminación eliminado se reinicia para manejar esto. En este punto, el procedimiento de limpieza ya ha eliminado muchos recursos. Por tanto, se produce un pánico en el núcleo. Solucione este problema demostrando en gsm_modem_update() que el procedimiento de limpieza no se ha iniciado y que el mux sigue activo. Tenga en cuenta que la escritura en un tty virtual ya está protegida mediante comprobaciones del estado de conexión específico de DLCI.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-21 CVE Reserved
  • 2024-05-21 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.15.61 < 5.15.138
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.61 < 5.15.138"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.0 < 6.1.62
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.62"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.0 < 6.5.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.5.11"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.0 < 6.6.1
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.1"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.0 < 6.7
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.18.18
Search vendor "Linux" for product "Linux Kernel" and version "5.18.18"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.19.2
Search vendor "Linux" for product "Linux Kernel" and version "5.19.2"
en
Affected