Description

In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL) Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.

INFO

Published Date :

2024-05-21T15:30:38.904Z

Last Modified :

2025-05-21T08:49:58.550Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52749 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52749.

URL Resource
https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068 cve-icon cve-icon
https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e cve-icon cve-icon
https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52749-684e@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52749 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52749 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact