{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52456", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.294Z", "datePublished": "2024-02-23T14:46:19.139Z", "dateUpdated": "2024-11-04T14:47:06.989Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:47:06.989Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "cb1a60923609", "lessThan": "6e04a9d30509", "status": "affected", "versionType": "git"}, {"version": "cb1a60923609", "lessThan": "ff168d4fdb0e", "status": "affected", "versionType": "git"}, {"version": "cb1a60923609", "lessThan": "63ee7be01a3f", "status": "affected", "versionType": "git"}, {"version": "cb1a60923609", "lessThan": "763cd6874631", "status": "affected", "versionType": "git"}, {"version": "cb1a60923609", "lessThan": "9a662d06c22d", "status": "affected", "versionType": "git"}, {"version": "cb1a60923609", "lessThan": "78d60dae9a0c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"}, {"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"}, {"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"}, {"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"}, {"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"}, {"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"}], "title": "serial: imx: fix tx statemachine deadlock", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T17:01:14.114676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:14.564Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.652Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:19.652Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T17:01:14.114676Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.102Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "serial: imx: fix tx statemachine deadlock", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cb1a60923609", "lessThan": "6e04a9d30509", "versionType": "git"}, {"status": "affected", "version": "cb1a60923609", "lessThan": "ff168d4fdb0e", "versionType": "git"}, {"status": "affected", "version": "cb1a60923609", "lessThan": "63ee7be01a3f", "versionType": "git"}, {"status": "affected", "version": "cb1a60923609", "lessThan": "763cd6874631", "versionType": "git"}, {"status": "affected", "version": "cb1a60923609", "lessThan": "9a662d06c22d", "versionType": "git"}, {"status": "affected", "version": "cb1a60923609", "lessThan": "78d60dae9a0c", "versionType": "git"}], "programFiles": ["drivers/tty/serial/imx.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.209", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.148", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/tty/serial/imx.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"}, {"url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"}, {"url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"}, {"url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"}, {"url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"}, {"url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:47:06.989Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52456", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:47:06.989Z", "dateReserved": "2024-02-20T12:30:33.294Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-23T14:46:19.139Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB2CF71-A47E-4390-B675-6597A78D6ADE", "versionEndExcluding": "5.10.209", "versionStartIncluding": "5.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B", "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9", "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: imx: corrige el punto muerto de la m\u00e1quina de estado tx Cuando se usa el puerto serie como puerto RS485, la m\u00e1quina de estado tx se usa para controlar el pin RTS para controlar el pin TX_EN del transceptor RS485. Cuando el puerto TTY se cierra en medio de una transmisi\u00f3n (por ejemplo, durante una falla de la aplicaci\u00f3n en el \u00e1rea de usuario), imx_uart_shutdown deshabilita la interfaz y deshabilita la interrupci\u00f3n de transmisi\u00f3n completa. Despu\u00e9s de eso, imx_uart_stop_tx abandona una transmisi\u00f3n incompleta, para ser reactivada por la interrupci\u00f3n de TC. Esta interrupci\u00f3n est\u00e1 deshabilitada y, por lo tanto, la m\u00e1quina de estados tx nunca sale de ENVIAR. La m\u00e1quina de estados ahora est\u00e1 en punto muerto y TX_EN permanece bajo, lo que hace que la interfaz sea in\u00fatil. imx_uart_stop_tx ahora verifica si hay transmisiones incompletas Y si las interrupciones TC est\u00e1n habilitadas antes de volver a activar el rescate. Esto garantiza que se alcance el estado de manejo de la m\u00e1quina y que est\u00e9 configurado correctamente en WAIT_AFTER_SEND."}], "id": "CVE-2023-52456", "lastModified": "2024-11-04T13:16:31.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-23T15:15:08.237", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: imx: fix tx statemachine deadlock", "id": "2265792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265792"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nserial: imx: fix tx statemachine deadlock\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND.", "A flaw was found in the UART driver handling RS485 communication in the Linux Kernel when an unexpected closure of the TTY port occurs, such as during a userland application crash. In this scenario, the imx_uart_shutdown function disables the UART interface and the Transmission Complete (TC) interrupt. Subsequently, the imx_uart_stop_tx function attempts to stop the transmission but exits prematurely if the transmission is incomplete, expecting the now-disabled TC interrupt to complete the process. This results in the transmission state machine remaining in a deadlocked SEND state, leaving the TX_EN pin low and rendering the RS485 interface non-functional. This vulnerability can lead to communication failures and potential system instability."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available for this vulnerability. Make sure to perform the updates as they become available."}, "name": "CVE-2023-52456", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52456\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52456\nhttps://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52456-f9dd@gregkh/T/#u"], "statement": "This vulnerability is considered of Moderate severity because it leads to a deadlock in the transmission state machine, rendering the RS485 interface non-functional and potentially disrupting serial communication. While it does not directly compromise data integrity or security, it can cause significant operational issues, especially in systems relying on continuous and reliable RS485 communication. The impact is limited to the availability of the serial interface rather than the broader system, and it requires a specific condition\u2014an unexpected TTY port closure during transmission\u2014to be triggered.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.8-rc1"}