CVE-2023-52492

MEDIUM

Linux Kernel 5.6-5.10.210 - NULL Pointer Dereference in DMA Channel Unregistration

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [...] [ 1.484499] Call trace: [ 1.486930] device_del+0x40/0x394 [ 1.490314] device_unregister+0x20/0x7c [ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0 Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL. Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function.

Scores

CVSS v3 4.4
EPSS 0.0027
EPSS Percentile 18.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (21)
debian/debian_linux 10.0
linux/Kernel 5.11.0 - 5.15.149linux
linux/Kernel 5.16.0 - 6.1.76linux
linux/Kernel 5.6.0 - 5.10.210linux
linux/Kernel 6.2.0 - 6.6.15linux
linux/Kernel 6.7.0 - 6.7.3linux
Linux/Linux < 5.6
Linux/Linux 5.10.210 - 5.10.*
Linux/Linux 5.15.149 - 5.15.*
Linux/Linux 5.6
... and 11 more
Published Mar 11, 2024
Tracked Since Feb 18, 2026