| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091555-CVE-2023-53176-4194@gregkh> Date: Mon, 15 Sep 2025 16:02:30 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53176: serial: 8250: Reinit port->pm on port specific driver unbind From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port->pm on port specific driver unbind When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs: Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM Turns out that we may still have the serial port hardware specific driver port->pm in use, and serial8250_pm() tries to call it after the port specific driver is gone: serial8250_pm [8250_base] from uart_change_pm+0x54/0x8c [serial_base] uart_change_pm [serial_base] from uart_hangup+0x154/0x198 [serial_base] uart_hangup [serial_base] from __tty_hangup.part.0+0x328/0x37c __tty_hangup.part.0 from disassociate_ctty+0x154/0x20c disassociate_ctty from do_exit+0x744/0xaac do_exit from do_group_exit+0x40/0x8c do_group_exit from __wake_up_parent+0x0/0x1c Let's fix the issue by calling serial8250_set_defaults() in serial8250_unregister_port(). This will set the port back to using the serial8250 default functions, and sets the port->pm to point to serial8250_pm. The Linux kernel CVE team has assigned CVE-2023-53176 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit 490bf37eaabb0a857ed1ae8e75d8854e41662f1c Fixed in 4.19.284 with commit c9e080c3005fd183c56ff8f4d75edb5da0765d2c Fixed in 5.4.244 with commit d5cd2928d31042a7c0a01464f9a8d95be736421d Fixed in 5.10.181 with commit 2c86a1305c1406f45ea780d06953c484ea1d9e6e Fixed in 5.15.113 with commit 1ba5594739d858e524ff0f398ee1ebfe0a8b9d41 Fixed in 6.1.30 with commit af4d6dbb1a92ea424ad1ba1d0c88c7fa2345d872 Fixed in 6.3.4 with commit 8e596aed5f2f98cf3e6e98d6fe1d689f4a319308 Fixed in 6.4 with commit 04e82793f068d2f0ffe62fcea03d007a8cdc16a7 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53176 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/serial/8250/8250_core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/490bf37eaabb0a857ed1ae8e75d8854e41662f1c https://git.kernel.org/stable/c/c9e080c3005fd183c56ff8f4d75edb5da0765d2c https://git.kernel.org/stable/c/d5cd2928d31042a7c0a01464f9a8d95be736421d https://git.kernel.org/stable/c/2c86a1305c1406f45ea780d06953c484ea1d9e6e https://git.kernel.org/stable/c/1ba5594739d858e524ff0f398ee1ebfe0a8b9d41 https://git.kernel.org/stable/c/af4d6dbb1a92ea424ad1ba1d0c88c7fa2345d872 https://git.kernel.org/stable/c/8e596aed5f2f98cf3e6e98d6fe1d689f4a319308 https://git.kernel.org/stable/c/04e82793f068d2f0ffe62fcea03d007a8cdc16a7
Powered by blists - more mailing lists