CVE-2023-52860

{"id": "CVE-2023-52860", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T16:15:23.003", "references": [{"url": "https://git.kernel.org/stable/c/3f5827371763f2d9c70719c270055a81d030f3d0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4589403a343bb0c72a6faf5898386ff964d4e01a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/50b560783f7f71790bcf70e9e9855155fb0af8c1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d04ff5437a45f275db5530efb49b68d0ec851f6f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3f5827371763f2d9c70719c270055a81d030f3d0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/4589403a343bb0c72a6faf5898386ff964d4e01a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/50b560783f7f71790bcf70e9e9855155fb0af8c1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d04ff5437a45f275db5530efb49b68d0ec851f6f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process\n\nWhen tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug\ncallbacks after the device has been unregistered, leading to fireworks\nwhen we try to execute empty function callbacks within the driver:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | CPU: 0 PID: 15 Comm: cpuhp/0 Tainted: G W O 5.12.0-rc4+ #1\n | Hardware name: , BIOS KpxxxFPGA 1P B600 V143 04/22/2021\n | pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)\n | pc : perf_pmu_migrate_context+0x98/0x38c\n | lr : perf_pmu_migrate_context+0x94/0x38c\n |\n | Call trace:\n | perf_pmu_migrate_context+0x98/0x38c\n | hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu]\n\nUse cpuhp_state_remove_instance_nocalls() instead of\ncpuhp_state_remove_instance() so that the notifiers don't execute after\nthe PMU device has been unregistered.\n\n[will: Rewrote commit message]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() para el proceso uninit hisi_hns3_pmu. Al derribar una PMU 'hisi_hns3', ejecutamos por error las devoluciones de llamadas de conexi\u00f3n en caliente de la CPU despu\u00e9s de que el dispositivo haya sido anulado del registro, lo que lleva a a fuegos artificiales cuando intentamos ejecutar devoluciones de llamadas de funciones vac\u00edas dentro del controlador: | No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 | CPU: 0 PID: 15 Comunicaciones: cpuhp/0 Contaminado: GWO 5.12.0-rc4+ #1 | Nombre del hardware: , BIOS KpxxxFPGA 1P B600 V143 22/04/2021 | pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--) | ordenador personal: perf_pmu_migrate_context+0x98/0x38c | lr: perf_pmu_migrate_context+0x94/0x38c | | Rastreo de llamadas: | perf_pmu_migrate_context+0x98/0x38c | hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu] Utilice cpuhp_state_remove_instance_nocalls() en lugar de cpuhp_state_remove_instance() para que los notificadores no se ejecuten despu\u00e9s de que el dispositivo PMU haya sido anulado del registro. [will: reescribir\u00e1 el mensaje de confirmaci\u00f3n]"}], "lastModified": "2025-02-03T15:45:51.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B5419D-32F0-4E82-9653-D45369F9A989", "versionEndExcluding": "6.1.63", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825F64D9-E99F-49AA-8A7B-EF7C2965C5B2", "versionEndExcluding": "6.5.12", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CBFF885-A4D3-4F21-B6FD-4D770034C048", "versionEndExcluding": "6.6.2", "versionStartIncluding": "6.6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}