Bug 2265792 (CVE-2023-52456)
| Summary: | CVE-2023-52456 kernel: imx: fix tx statemachine deadlock | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 6.8-rc1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the UART driver handling RS485 communication in the Linux Kernel when an unexpected closure of the TTY port occurs, such as during a userland application crash. In this scenario, the imx_uart_shutdown function disables the UART interface and the Transmission Complete (TC) interrupt. Subsequently, the imx_uart_stop_tx function attempts to stop the transmission but exits prematurely if the transmission is incomplete, expecting the now-disabled TC interrupt to complete the process. This results in the transmission state machine remaining in a deadlocked SEND state, leaving the TX_EN pin low and rendering the RS485 interface non-functional. This vulnerability can lead to communication failures and potential system instability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2265804 | ||
| Bug Blocks: | 2265790 | ||
|
Description
Patrick Del Bello
2024-02-24 11:19:56 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2265804] Issue introduced in 5.9 with commit cb1a60923609 and fixed in 5.10.209 with commit 6e04a9d30509 Issue introduced in 5.9 with commit cb1a60923609 and fixed in 5.15.148 with commit ff168d4fdb0e Issue introduced in 5.9 with commit cb1a60923609 and fixed in 6.1.75 with commit 63ee7be01a3f Issue introduced in 5.9 with commit cb1a60923609 and fixed in 6.6.14 with commit 763cd6874631 Issue introduced in 5.9 with commit cb1a60923609 and fixed in 6.7.2 with commit 9a662d06c22d Issue introduced in 5.9 with commit cb1a60923609 and fixed in 6.8-rc1 with commit 78d60dae9a0c This was fixed for Fedora with the 6.6.14 stable kernel updates. The result of automatic check (that is developed by Alexander Larkin) for this CVE-2023-52456 is: CHECK Maybe valid. Check manually. with impact MODERATE (that is approximation based on flags DEADLOCK DANGER PRINTF-TTY IMPROVEONLY ; these flags parsed automatically based on patche data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later. |