CVE-2023-52872

{"id": "CVE-2023-52872", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T16:15:23.990", "references": [{"url": "https://git.kernel.org/stable/c/19d34b73234af542cc8a218cf398dee73cdb1890", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3a75b205de43365f80a33b98ec9289785da56243", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/81a4dd5e6c78f5d8952fa8c9d36565db1fe01444", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ce4df90333c4fe65acb8b5089fdfe9b955ce976a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df6cfab66ff2a44bd23ad5dd5309cb3421bb6593", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix race condition in status line change on dead connections\n\ngsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all\ntimers, removing the virtual tty devices and clearing the data queues.\nThis procedure, however, may cause subsequent changes of the virtual modem\nstatus lines of a DLCI. More data is being added the outgoing data queue\nand the deleted kick timer is restarted to handle this. At this point many\nresources have already been removed by the cleanup procedure. Thus, a\nkernel panic occurs.\n\nFix this by proving in gsm_modem_update() that the cleanup procedure has\nnot been started and the mux is still alive.\n\nNote that writing to a virtual tty is already protected by checks against\nthe DLCI specific connection state."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige la condici\u00f3n de ejecuci\u00f3n en la l\u00ednea de estado, cambia en conexiones inactivas gsm_cleanup_mux() limpia el gsm cerrando todos los DLCI, deteniendo todos los temporizadores, eliminando los dispositivos tty virtuales y limpiando el colas de datos. Sin embargo, este procedimiento puede provocar cambios posteriores en las l\u00edneas de estado del m\u00f3dem virtual de un DLCI. Se agregan m\u00e1s datos a la cola de datos salientes y el temporizador de eliminaci\u00f3n eliminado se reinicia para manejar esto. En este punto, el procedimiento de limpieza ya ha eliminado muchos recursos. Por tanto, se produce un p\u00e1nico en el n\u00facleo. Solucione este problema demostrando en gsm_modem_update() que el procedimiento de limpieza no se ha iniciado y que el mux sigue activo. Tenga en cuenta que la escritura en un tty virtual ya est\u00e1 protegida mediante comprobaciones del estado de conexi\u00f3n espec\u00edfico de DLCI."}], "lastModified": "2024-11-06T15:35:08.170", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}