From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2023-52567: serial: 8250_port: Check IRQ data before use
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

serial: 8250_port: Check IRQ data before use

In case the leaf driver wants to use IRQ polling (irq = 0) and
IIR register shows that an interrupt happened in the 8250 hardware
the IRQ data can be NULL. In such a case we need to skip the wake
event as we came to this path from the timer interrupt and quite
likely system is already awake.

Without this fix we have got an Oops:

    serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A
    ...
    BUG: kernel NULL pointer dereference, address: 0000000000000010
    RIP: 0010:serial8250_handle_irq+0x7c/0x240
    Call Trace:
     ? serial8250_handle_irq+0x7c/0x240
     ? __pfx_serial8250_timeout+0x10/0x10

The Linux kernel CVE team has assigned CVE-2023-52567 to this issue.

Affected and fixed versions
===========================
Issue introduced in 4.14.315 with commit edfe57aedff4ecf3606533aabf8ecf7676c3c5d9 and fixed in 4.14.327 with commit ee5732caaffba3a37e753fdb89b4958db9a61847
Issue introduced in 4.19.283 with commit 0bd49a043c7984c93c2a0af41222fb71c3986a4e and fixed in 4.19.296 with commit c334650150c29234b0923476f51573ae1b2f252a
Issue introduced in 5.4.243 with commit 572d48361aa0a6e6f16c1470e5407de183493d0c and fixed in 5.4.258 with commit bf3c728e3692cc6d998874f0f27d433117348742
Issue introduced in 5.10.180 with commit d5d628fea5f6181809a9d61b04de6ade53277684 and fixed in 5.10.198 with commit e14afa4450cb7e4cf93e993a765801203d41d014
Issue introduced in 5.15.111 with commit 424cf29296354d7b9c6c038aaa7bb71782100851 and fixed in 5.15.134 with commit 2b837f13a818f96304736453ac53b66a70aaa4f2
Issue introduced in 6.1.28 with commit 727e92fe13e81c6088a88d83e466b2b1b553c4e3 and fixed in 6.1.56 with commit e14f68a48fd445a083ac0750fafcb064df5f18f7
Issue introduced in 6.4 with commit 0ba9e3a13c6adfa99e32b2576d20820ab10ad48a and fixed in 6.5.6 with commit 3345cc5f02f1fb4c4dcb114706f2210d879ab933
Issue introduced in 6.4 with commit 0ba9e3a13c6adfa99e32b2576d20820ab10ad48a and fixed in 6.6 with commit cce7fc8b29961b64fadb1ce398dc5ff32a79643b
Issue introduced in 6.2.15 with commit d7c6aa39eb041e2a6a53106104200d11e2acc87f
Issue introduced in 6.3.2 with commit f5fd2fd999b364801e9790c6f69f3fe3f40ed60f
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-52567
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/tty/serial/8250/8250_port.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847
https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a
https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742
https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014
https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2
https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7
https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933
https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b
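
For triage, the ranges under "Affected and fixed versions" can be checked against a release string such as the output of `uname -r`. The script below is an added example, not part of the announcement or of any kernel tooling; the names `RANGES`, `parse` and `affected` are hypothetical. It compares upstream version numbers only, so a distribution kernel that carries the fix as a backport under an older version number is still reported as affected.

```python
import re

# (introduced, fixed) pairs copied from "Affected and fixed versions".
# fixed=None means the page lists no fix for that stable series.
RANGES = [
    ("4.14.315", "4.14.327"),
    ("4.19.283", "4.19.296"),
    ("5.4.243", "5.4.258"),
    ("5.10.180", "5.10.198"),
    ("5.15.111", "5.15.134"),
    ("6.1.28", "6.1.56"),
    ("6.4", "6.5.6"),
    ("6.4", "6.6"),
    ("6.2.15", None),
    ("6.3.2", None),
]


def parse(release):
    """Turn '6.1.55-1-amd64' or '6.4' into a (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"not a kernel release string: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def affected(release):
    """True if the upstream version falls inside a range listed on the page."""
    v = parse(release)
    # A fix listed for this exact stable series (major.minor) wins over a
    # wider range that happens to span it, e.g. 6.5.6 inside 6.4 .. 6.6.
    series_fixes = [parse(f) for _, f in RANGES if f and parse(f)[:2] == v[:2]]
    if any(v >= f for f in series_fixes):
        return False
    for introduced, fixed in RANGES:
        lo = parse(introduced)
        # With no fix listed, the whole rest of that series counts as affected.
        hi = parse(fixed) if fixed else (lo[0], lo[1] + 1, 0)
        if lo <= v < hi:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the announcement.
    for rel in ("5.15.120-generic", "5.15.134", "6.4.16", "6.5.7", "6.2.16"):
        print(rel, "affected" if affected(rel) else "not in a listed range")
```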