CVE-2023-52493
Last modified
CVE-2023-52493 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable]. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable]
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.7, < 5.10.210 |
| Linux | Linux Kernel | >= 5.11, < 5.15.149 |
| Linux | Linux Kernel | >= 5.16, < 6.1.76 |
| Linux | Linux Kernel | >= 6.2, < 6.6.15 |
| Linux | Linux Kernel | >= 6.7, < 6.7.3 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-52493?
How severe is CVE-2023-52493?
How do I fix CVE-2023-52493?
Are you affected by CVE-2023-52493?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST