| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122422-CVE-2023-54044-61d9@gregkh> Date: Wed, 24 Dec 2025 13:26:37 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54044: spmi: Add a check for remove callback when removing a SPMI driver From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: spmi: Add a check for remove callback when removing a SPMI driver When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver: dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0 If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver. The Linux kernel CVE team has assigned CVE-2023-54044 to this issue. Affected and fixed versions =========================== Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 4.14.315 with commit b95a69214daea4aab1c8bad96571d988a62e2c97 Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 4.19.283 with commit 699949219e35fe29fd42ccf8cd92c989c3d15109 Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 5.4.243 with commit 54dda732225555dc6d660e95793c54a0a44b612c Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 5.10.180 with commit c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 5.15.111 with commit ee0b6146317a98bfec848d7bde5586beb245a38f Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 6.1.28 with commit 428cc252701d6864151f3a296ffc23e1e49a7408 Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 6.2.15 with commit af763c29b9e7040fedd0077bca053b101438a3a4 Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 6.3.2 with commit 0f3ef30c1c05502f5de3b73b3715d5994845c1b4 Issue introduced in 3.15 with commit 5a86bf343976b9c8ab2f240bc866451fa67e5573 and fixed in 6.4 with commit b56eef3e16d888883fefab47425036de80dd38fc Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54044 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/spmi/spmi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97 https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109 https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408 https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4 https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4 https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc
Powered by blists - more mailing lists