Bug 2426096 (CVE-2023-54244)

Summary: CVE-2023-54244 kernel: ACPI: EC: Fix oops when removing custom query handlers
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's ACPI Embedded Controller (EC) subsystem. When removing custom query handlers, a kernel oops can occur if the handler is still being executed in the EC query workqueue while the module containing the callback function is being unloaded. The fix ensures the workqueue is flushed before handler removal.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-30 13:08:46 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ACPI: EC: Fix oops when removing custom query handlers

When removing custom query handlers, the handler might still
be used inside the EC query workqueue, causing a kernel oops
if the module holding the callback function was already unloaded.

Fix this by flushing the EC query workqueue when removing
custom query handlers.

Tested on a Acer Travelmate 4002WLMi
Comment 1 Alexander B 2025-12-31 09:37:19 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025123052-CVE-2023-54244-9a1f@gregkh/T