ghsa-rw5h-h7xq-wc78
Vulnerability from github
Published
2024-03-18 12:30
Modified
2024-10-31 21:31
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison.

Otherwise, tz->type is NULL when thermal-zones is undefined, resulting in the following error:

[ 12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8 [ 12.302877] Oops[#1]: [ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385 [ 12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10 [ 12.320739] a0 0000000000000000 a1 fffffffffffffff1 a2 0000000000000014 a3 0000000000000001 [ 12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c [ 12.337606] t0 fffffffffffffff1 t1 54567fd5da9b4fd4 t2 900000010614ec40 t3 00000000000dc901 [ 12.346041] t4 0000000000000000 t5 0000000000000004 t6 900000010614ee20 t7 900000000d00b790 [ 12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40 [ 12.362916] s1 90000000039fced0 s2 ffffffffffffffed s3 ffffffffffffffed s4 9000000003acc000 [ 12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8 [ 12.362938] ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300 [ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160 [ 12.391626] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 12.397898] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 12.403678] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 12.409859] ECFG: 00071c1c (LIE=2-4,10-12 VS=7) [ 12.415882] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 12.415907] BADV: fffffffffffffff1 [ 12.415911] PRID: 0014a000 (Loongson-64bit, Loongson-2K1000) [ 12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc [ 12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3) [ 12.415961] Stack : 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358 [ 12.415982] ffffffffffffffed 0000000000000004 9000000107a10aa8 90000001002a3410 [ 12.415999] ffffffffffffffed ffffffffffffffed 9000000107a11268 9000000003157ab0 [ 12.416016] 9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed [ 12.416032] 0000000000000024 ffffff80020cc1e8 900000000402b2a0 9000000003acc000 [ 12.416048] 90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410 [ 12.416065] 0000000000000000 9000000002df6808 90000001002a3410 0000000000000000 [ 12.416081] ffffff80020f4030 0000000000000000 90000001002a3410 9000000002df2ba8 [ 12.416097] 00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002 [ 12.416114] ffffff80020f4030 fffffffffffffff0 90000001002a3410 9000000002df2f30 [ 12.416131] ... [ 12.416138] Call Trace: [ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160 [ 12.416167] [<90000000031579b8>] thermal_add_hwmon_sysfs+0x258/0x300 [ 12.416183] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0 [ 12.416200] [] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal] [ 12.416232] [<9000000002df6808>] platform_probe+0x68/0x140 [ 12.416249] [<9000000002df2ba8>] really_probe+0xc8/0x3c0 [ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180 [ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160 [ 12.416302] [<9000000002df33a8>] __driver_attach+0xa8/0x200 [ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120 [ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0 [ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160 [ 12.416358] [<90000000022201a4>] do_one_initcall+0x84/0x220 [ 12.416372] [<90000000022f3ab8>] do_init_module+0x58/0x2c0 [ ---truncated---

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2023-52613"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-18T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment\n\nPTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need\n-ENODEV as the right value for comparison.\n\nOtherwise, tz-\u003etype is NULL when thermal-zones is undefined, resulting\nin the following error:\n\n[   12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8\n[   12.302877] Oops[#1]:\n[   12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385\n[   12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10\n[   12.320739] a0 0000000000000000 a1 fffffffffffffff1 a2 0000000000000014 a3 0000000000000001\n[   12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c\n[   12.337606] t0 fffffffffffffff1 t1 54567fd5da9b4fd4 t2 900000010614ec40 t3 00000000000dc901\n[   12.346041] t4 0000000000000000 t5 0000000000000004 t6 900000010614ee20 t7 900000000d00b790\n[   12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40\n[   12.362916] s1 90000000039fced0 s2 ffffffffffffffed s3 ffffffffffffffed s4 9000000003acc000\n[   12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8\n[   12.362938]    ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300\n[   12.386411]   ERA: 900000000355f410 strscpy+0xf0/0x160\n[   12.391626]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[   12.397898]  PRMD: 00000004 (PPLV0 +PIE -PWE)\n[   12.403678]  EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[   12.409859]  ECFG: 00071c1c (LIE=2-4,10-12 VS=7)\n[   12.415882] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[   12.415907]  BADV: fffffffffffffff1\n[   12.415911]  PRID: 0014a000 (Loongson-64bit, Loongson-2K1000)\n[   12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc\n[   12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3)\n[   12.415961] Stack : 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358\n[   12.415982]         ffffffffffffffed 0000000000000004 9000000107a10aa8 90000001002a3410\n[   12.415999]         ffffffffffffffed ffffffffffffffed 9000000107a11268 9000000003157ab0\n[   12.416016]         9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed\n[   12.416032]         0000000000000024 ffffff80020cc1e8 900000000402b2a0 9000000003acc000\n[   12.416048]         90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410\n[   12.416065]         0000000000000000 9000000002df6808 90000001002a3410 0000000000000000\n[   12.416081]         ffffff80020f4030 0000000000000000 90000001002a3410 9000000002df2ba8\n[   12.416097]         00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002\n[   12.416114]         ffffff80020f4030 fffffffffffffff0 90000001002a3410 9000000002df2f30\n[   12.416131]         ...\n[   12.416138] Call Trace:\n[   12.416142] [\u003c900000000355f410\u003e] strscpy+0xf0/0x160\n[   12.416167] [\u003c90000000031579b8\u003e] thermal_add_hwmon_sysfs+0x258/0x300\n[   12.416183] [\u003c9000000003157ab0\u003e] devm_thermal_add_hwmon_sysfs+0x50/0xe0\n[   12.416200] [\u003cffffff80020cc1e8\u003e] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal]\n[   12.416232] [\u003c9000000002df6808\u003e] platform_probe+0x68/0x140\n[   12.416249] [\u003c9000000002df2ba8\u003e] really_probe+0xc8/0x3c0\n[   12.416269] [\u003c9000000002df2f30\u003e] __driver_probe_device+0x90/0x180\n[   12.416286] [\u003c9000000002df3058\u003e] driver_probe_device+0x38/0x160\n[   12.416302] [\u003c9000000002df33a8\u003e] __driver_attach+0xa8/0x200\n[   12.416314] [\u003c9000000002deffec\u003e] bus_for_each_dev+0x8c/0x120\n[   12.416330] [\u003c9000000002df198c\u003e] bus_add_driver+0x10c/0x2a0\n[   12.416346] [\u003c9000000002df46b4\u003e] driver_register+0x74/0x160\n[   12.416358] [\u003c90000000022201a4\u003e] do_one_initcall+0x84/0x220\n[   12.416372] [\u003c90000000022f3ab8\u003e] do_init_module+0x58/0x2c0\n[\n---truncated---",
  "id": "GHSA-rw5h-h7xq-wc78",
  "modified": "2024-10-31T21:31:44Z",
  "published": "2024-03-18T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52613"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15ef92e9c41124ee9d88b01208364f3fe1f45f84"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6010a9fc14eb1feab5cafd84422001134fe8ec58"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70481755ed77400e783200e2d022e5fea16060ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.