{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52645", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.094Z", "datePublished": "2024-04-17T15:59:21.343Z", "dateUpdated": "2024-08-02T23:03:21.361Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:15:02.347Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "versions": [{"version": "59b644b01cf4", "lessThan": "475426ad1ae0", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf4", "lessThan": "339ddc983bc1", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf4", "lessThan": "f83b9abee9fa", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf4", "lessThan": "3cd1d92ee1db", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf4", "lessThan": "c41336f4d690", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}], "title": "pmdomain: mediatek: fix race conditions with genpd", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:41:05.492458Z", "id": "CVE-2023-52645", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:47:27.898Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.361Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.361Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52645", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:41:05.492458Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:41:07.047Z"}}], "cna": {"title": "pmdomain: mediatek: fix race conditions with genpd", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "59b644b01cf4", "lessThan": "475426ad1ae0", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf4", "lessThan": "339ddc983bc1", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf4", "lessThan": "f83b9abee9fa", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf4", "lessThan": "3cd1d92ee1db", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf4", "lessThan": "c41336f4d690", "versionType": "git"}], "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.150", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.18", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:15:02.347Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52645", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:03:21.361Z", "dateReserved": "2024-03-06T09:52:12.094Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T15:59:21.343Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95", "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B", "versionEndExcluding": "6.1.80", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: mediatek: corrige las condiciones de ejecuci\u00f3n con genpd, si los dominios de energ\u00eda se registran primero con genpd y *despu\u00e9s de eso* el controlador intenta encenderlos en la secuencia de sonda, entonces es Es posible que se produzca una condici\u00f3n de ejecuci\u00f3n si genpd intenta encenderlos al mismo tiempo. Lo mismo es v\u00e1lido para apagarlos antes de cancelar su registro en genpd. Intente arreglar las condiciones de ejecuci\u00f3n eliminando primero los dominios de genpd y *despu\u00e9s* apagando los dominios. Tambi\u00e9n primero encienda los dominios y *despu\u00e9s* reg\u00edstrelos en genpd."}], "id": "CVE-2023-52645", "lastModified": "2024-04-29T19:13:16.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T16:15:07.437", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: pmdomain: mediatek: fix race conditions with genpd", "id": "2275771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275771"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\npmdomain: mediatek: fix race conditions with genpd\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."], "name": "CVE-2023-52645", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52645\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52645\nhttps://lore.kernel.org/linux-cve-announce/2024041733-CVE-2023-52645-68dc@gregkh/T"], "statement": "No Red Hat Products are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.150, kernel 6.1.80, kernel 6.6.18, kernel 6.7.6, kernel 6.8"}