5.5

CVE-2023-52567

serial: 8250_port: Check IRQ data before use

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250_port: Check IRQ data before use

In case the leaf driver wants to use IRQ polling (irq = 0) and
IIR register shows that an interrupt happened in the 8250 hardware
the IRQ data can be NULL. In such a case we need to skip the wake
event as we came to this path from the timer interrupt and quite
likely system is already awake.

Without this fix we have got an Oops:

    serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A
    ...
    BUG: kernel NULL pointer dereference, address: 0000000000000010
    RIP: 0010:serial8250_handle_irq+0x7c/0x240
    Call Trace:
     ? serial8250_handle_irq+0x7c/0x240
     ? __pfx_serial8250_timeout+0x10/0x10
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.14.315 < 4.14.327
LinuxLinux Kernel Version >= 4.19.283 < 4.19.296
LinuxLinux Kernel Version >= 5.4.243 < 5.4.258
LinuxLinux Kernel Version >= 5.10.180 < 5.10.198
LinuxLinux Kernel Version >= 5.15.111 < 5.15.134
LinuxLinux Kernel Version >= 6.1.28 < 6.1.56
LinuxLinux Kernel Version >= 6.4 < 6.5.6
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
LinuxLinux Kernel Version6.6 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2b837f13a818f96304736453ac53b66a70aaa4f2
Patch
https://git.kernel.org/stable/c/3345cc5f02f1fb4c4dcb114706f2210d879ab933
Patch
https://git.kernel.org/stable/c/bf3c728e3692cc6d998874f0f27d433117348742
Patch
https://git.kernel.org/stable/c/c334650150c29234b0923476f51573ae1b2f252a
Patch
https://git.kernel.org/stable/c/cce7fc8b29961b64fadb1ce398dc5ff32a79643b
Patch
https://git.kernel.org/stable/c/e14afa4450cb7e4cf93e993a765801203d41d014
Patch
https://git.kernel.org/stable/c/e14f68a48fd445a083ac0750fafcb064df5f18f7
Patch
https://git.kernel.org/stable/c/ee5732caaffba3a37e753fdb89b4958db9a61847
Patch