| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123052-CVE-2023-54244-9a1f@gregkh> Date: Tue, 30 Dec 2025 13:20:10 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54244: ACPI: EC: Fix oops when removing custom query handlers From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callback function was already unloaded. Fix this by flushing the EC query workqueue when removing custom query handlers. Tested on a Acer Travelmate 4002WLMi The Linux kernel CVE team has assigned CVE-2023-54244 to this issue. Affected and fixed versions =========================== Fixed in 4.14.316 with commit 130e3eac51912f2c866e7d035992ede25f8feac0 Fixed in 4.19.284 with commit 0d528a7c421b1f1772fc1d29370b3b5fc0f42b19 Fixed in 5.4.244 with commit ccae2233e9935a038a35fe8cfd703df905f700e7 Fixed in 5.10.181 with commit 066b90bca755f0b876e7b027b75d1796861d6db0 Fixed in 5.15.113 with commit f4a573eed6377d356f835a4b00099d5dacee0da0 Fixed in 6.1.30 with commit 86a159fd5bdb01ec34b160cfda1a313b616d9302 Fixed in 6.3.4 with commit fd2c99e81ae0dbdd62a154ef9c77fc01715cc020 Fixed in 6.4 with commit e5b492c6bb900fcf9722e05f4a10924410e170c1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54244 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/acpi/ec.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/130e3eac51912f2c866e7d035992ede25f8feac0 https://git.kernel.org/stable/c/0d528a7c421b1f1772fc1d29370b3b5fc0f42b19 https://git.kernel.org/stable/c/ccae2233e9935a038a35fe8cfd703df905f700e7 https://git.kernel.org/stable/c/066b90bca755f0b876e7b027b75d1796861d6db0 https://git.kernel.org/stable/c/f4a573eed6377d356f835a4b00099d5dacee0da0 https://git.kernel.org/stable/c/86a159fd5bdb01ec34b160cfda1a313b616d9302 https://git.kernel.org/stable/c/fd2c99e81ae0dbdd62a154ef9c77fc01715cc020 https://git.kernel.org/stable/c/e5b492c6bb900fcf9722e05f4a10924410e170c1
Powered by blists - more mailing lists