CVE-2023-52882 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other undefined behaviour. After a lot of testing (30+ hours) while also doing a lot of frequency switches, we can't observe any instability issues anymore when doing reparenting to stable clock like 24 MHz oscillator.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a
https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069
https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff
https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90
https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175
https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019
https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66
https://lore.kernel.org/linux-cve-announce/2024053059-CVE-2023-52882-9b44@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52882
https://www.cve.org/CVERecord?id=CVE-2023-52882

History

Mon, 04 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-30T15:23:46.242Z

Updated: 2024-11-04T14:54:31.073Z

Reserved: 2024-05-21T15:35:00.781Z

Link: CVE-2023-52882

Vulnrichment

Updated: 2024-09-11T12:42:27.452Z

NVD

Status : Awaiting Analysis

Published: 2024-05-30T16:15:09.937

Modified: 2024-11-04T13:16:58.767

Link: CVE-2023-52882

Redhat

Severity : Low

Publid Date: 2024-05-30T00:00:00Z

Links: CVE-2023-52882 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52882", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:35:00.781Z", "datePublished": "2024-05-30T15:23:46.242Z", "dateUpdated": "2024-11-04T14:54:31.073Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:54:31.073Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can't\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/sunxi-ng/ccu-sun50i-h6.c"], "versions": [{"version": "524353ea480b", "lessThan": "fe11826ffa20", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "bfc78b462849", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "f1fa9a981620", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "70f64cb29014", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "0b82eb134d29", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "9708e5081cfc", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "7e91ed763dc0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/sunxi-ng/ccu-sun50i-h6.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.276", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.217", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.159", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"}, {"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"}, {"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"}, {"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"}, {"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"}, {"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"}, {"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"}], "title": "clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240912-0010/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-12T16:02:56.946Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:16:16.700921Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:35:00.657Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52882", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:35:00.781Z", "datePublished": "2024-05-30T15:23:46.242Z", "dateUpdated": "2024-08-02T23:18:41.165Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T15:23:46.242Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can't\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/sunxi-ng/ccu-sun50i-h6.c"], "versions": [{"version": "524353ea480b", "lessThan": "fe11826ffa20", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "bfc78b462849", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "f1fa9a981620", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "70f64cb29014", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "0b82eb134d29", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "9708e5081cfc", "status": "affected", "versionType": "git"}, {"version": "524353ea480b", "lessThan": "7e91ed763dc0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/sunxi-ng/ccu-sun50i-h6.c"], "versions": [{"version": "4.17", "status": "affected"}, {"version": "0", "lessThan": "4.17", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.276", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.217", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.159", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"}, {"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"}, {"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"}, {"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"}, {"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"}, {"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"}, {"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"}], "title": "clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:16:16.700921Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:27.452Z"}, "title": "CISA ADP Vulnrichment"}]}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can't\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: sunxi-ng: h6: CPUX reparent durante el cambio de velocidad de CPUX de PLL. Mientras que el cambio de velocidad de reloj de CPUX de PLL cuando la CPU se est\u00e1 ejecutando, funciona en la gran mayor\u00eda de los casos, de vez en cuando provoca inestabilidad. Esto provoca fallos del sistema y otros comportamientos indefinidos. Despu\u00e9s de muchas pruebas (m\u00e1s de 30 horas) y al mismo tiempo realizar muchos cambios de frecuencia, ya no podemos observar ning\u00fan problema de inestabilidad al realizar la reparaci\u00f3n a un reloj estable como un oscilador de 24 MHz."}], "id": "CVE-2023-52882", "lastModified": "2024-11-04T13:16:58.767", "metrics": {}, "published": "2024-05-30T16:15:09.937", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change", "id": "2284282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284282"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can't\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."], "name": "CVE-2023-52882", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52882\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52882\nhttps://lore.kernel.org/linux-cve-announce/2024053059-CVE-2023-52882-9b44@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.276, kernel 5.10.217, kernel 5.15.159, kernel 6.1.91, kernel 6.6.31, kernel 6.8.10, kernel 6.9"}