| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091642-CVE-2023-53310-8d40@gregkh> Date: Tue, 16 Sep 2025 18:11:55 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53310: power: supply: axp288_fuel_gauge: Fix external_power_changed race From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: power: supply: axp288_fuel_gauge: Fix external_power_changed race fuel_gauge_external_power_changed() dereferences info->bat, which gets sets in axp288_fuel_gauge_probe() like this: info->bat = devm_power_supply_register(dev, &fuel_gauge_desc, &psy_cfg); As soon as devm_power_supply_register() has called device_add() the external_power_changed callback can get called. So there is a window where fuel_gauge_external_power_changed() may get called while info->bat has not been set yet leading to a NULL pointer dereference. Fixing this is easy. The external_power_changed callback gets passed the power_supply which will eventually get stored in info->bat, so fuel_gauge_external_power_changed() can simply directly use the passed in psy argument which is always valid. The Linux kernel CVE team has assigned CVE-2023-53310 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit 30abb3d07929137bf72327560e1595508a692c4e and fixed in 6.1.31 with commit 0456b912121e45b3ef54abe3135e5dcb541f956c Issue introduced in 5.18 with commit 30abb3d07929137bf72327560e1595508a692c4e and fixed in 6.3.5 with commit a636c6ba9ce898207f283271cb28511206ab739b Issue introduced in 5.18 with commit 30abb3d07929137bf72327560e1595508a692c4e and fixed in 6.4 with commit f8319774d6f1567d6e7d03653174ab0c82c5c66d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53310 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/power/supply/axp288_fuel_gauge.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0456b912121e45b3ef54abe3135e5dcb541f956c https://git.kernel.org/stable/c/a636c6ba9ce898207f283271cb28511206ab739b https://git.kernel.org/stable/c/f8319774d6f1567d6e7d03653174ab0c82c5c66d
Powered by blists - more mailing lists