CVE-2023-52765 Affecting kernel-syms package, versions <6.4.0-150600.23.14.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-KERNELSYMS-7549001
- published 23 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2023-52765 Open this link in a new tabHow to fix?
Upgrade SLES:15.6
kernel-syms
to version 6.4.0-150600.23.14.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-syms
package and not the kernel-syms
package as distributed by SLES
.
See How to fix?
for SLES:15.6
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
mfd: qcom-spmi-pmic: Fix revid implementation
The Qualcomm SPMI PMIC revid implementation is broken in multiple ways.
First, it assumes that just because the sibling base device has been registered that means that it is also bound to a driver, which may not be the case (e.g. due to probe deferral or asynchronous probe). This could trigger a NULL-pointer dereference when attempting to access the driver data of the unbound device.
Second, it accesses driver data of a sibling device directly and without any locking, which means that the driver data may be freed while it is being accessed (e.g. on driver unbind).
Third, it leaks a struct device reference to the sibling device which is looked up using the spmi_device_from_of() every time a function (child) device is calling the revid function (e.g. on probe).
Fix this mess by reimplementing the revid lookup so that it is done only at probe of the PMIC device; the base device fetches the revid info from the hardware, while any secondary SPMI device fetches the information from the base device and caches it so that it can be accessed safely from its children. If the base device has not been probed yet then probe of a secondary device is deferred.
References
- https://www.suse.com/security/cve/CVE-2023-52765.html
- https://bugzilla.suse.com/1225029
- https://git.kernel.org/stable/c/4ce77b023d42a9f1062eecf438df1af4b4072eb2
- https://git.kernel.org/stable/c/7b439aaa62fee474a0d84d67a25f4984467e7b95
- https://git.kernel.org/stable/c/affae18838db5e6b463ee30c821385695af56dc2
- https://git.kernel.org/stable/c/db98de0809f12b0edb9cd1be78e1ec1bfeba8f40