In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [...] [ 1.484499] Call trace: [ 1.486930] device_del+0x40/0x394 [ 1.490314] device_unregister+0x20/0x7c [ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0 Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL. Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9

Wed, 06 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

Mon, 04 Nov 2024 13:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-29T15:52:10.499Z

Updated: 2024-11-06T19:02:52.592Z

Reserved: 2024-02-20T12:30:33.304Z

Link: CVE-2023-52492

cve-icon Vulnrichment

Updated: 2024-08-02T23:03:19.973Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-11T18:15:16.877

Modified: 2024-11-21T08:39:53.663

Link: CVE-2023-52492

cve-icon Redhat

Severity : Low

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2023-52492 - Bugzilla