{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52498", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.305Z", "datePublished": "2024-02-29T15:52:14.029Z", "dateUpdated": "2024-12-19T08:20:58.338Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:20:58.338Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/power/main.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f46eb832389f162ad13cb780d0b8cde93641990d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a1d62c775b07213c73f81ae842424c74dd14b5f0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e1c9d32c98309ae764893a481552d3f99d46cb34", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e681e29d1f59a04ef773296e4bebb17b1b79f8fe", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9bd3dce27b01c51295b60e1433e1dadfb16649f7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/power/main.c"], "versions": [{"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"}, {"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"}, {"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"}, {"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"}, {"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"}, {"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"}], "title": "PM: sleep: Fix possible deadlocks in core system-wide PM code", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.585Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:57:20.713823Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:51.225Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.585Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:57:20.713823Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.207Z"}}], "cna": {"title": "PM: sleep: Fix possible deadlocks in core system-wide PM code", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f46eb832389f162ad13cb780d0b8cde93641990d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a1d62c775b07213c73f81ae842424c74dd14b5f0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e1c9d32c98309ae764893a481552d3f99d46cb34", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e681e29d1f59a04ef773296e4bebb17b1b79f8fe", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9bd3dce27b01c51295b60e1433e1dadfb16649f7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557", "versionType": "git"}], "programFiles": ["drivers/base/power/main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.76", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.15", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.3", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/base/power/main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"}, {"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"}, {"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"}, {"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"}, {"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"}, {"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:20:58.338Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52498", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:20:58.338Z", "dateReserved": "2024-02-20T12:30:33.305Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T15:52:14.029Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "24443040-F8E0-445D-8395-40A94214526C", "versionEndExcluding": "5.10.210", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD", "versionEndExcluding": "5.15.149", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E", "versionEndExcluding": "6.1.76", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468", "versionEndExcluding": "6.6.15", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PM: suspensi\u00f3n: soluciona posibles bloqueos en el c\u00f3digo PM de todo el sistema central. Se informa que en situaciones de poca memoria, el c\u00f3digo central de reanudaci\u00f3n de todo el sistema se bloquea porque async_schedule_dev() ejecuta su el argumento funciona sincr\u00f3nicamente si no puede asignar memoria (y no solo en ese caso) y esa funci\u00f3n intenta adquirir un mutex que ya est\u00e1 retenido. La ejecuci\u00f3n de la funci\u00f3n de argumento sincr\u00f3nicamente desde dpm_async_fn() tambi\u00e9n puede ser problem\u00e1tica por razones de pedido (puede causar que la devoluci\u00f3n de llamada de curr\u00edculum de un dispositivo consumidor se invoque antes que la de un dispositivo proveedor requerido, por ejemplo). Solucione este problema cambiando el c\u00f3digo en cuesti\u00f3n para usar async_schedule_dev_nocall() para programar la ejecuci\u00f3n asincr\u00f3nica de las funciones de suspensi\u00f3n y reanudaci\u00f3n del dispositivo y para ejecutarlas directamente de forma sincr\u00f3nica si async_schedule_dev_nocall() devuelve falso."}], "id": "CVE-2023-52498", "lastModified": "2024-12-12T17:32:20.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-11T18:15:17.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: PM: sleep: Fix possible deadlocks in core system-wide PM code", "id": "2269063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269063"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nPM: sleep: Fix possible deadlocks in core system-wide PM code\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false.", "A flaw was found in the Linux Kernel. In low-memory situations, there is a possibility of a code deadlock that may lead to a hang."], "name": "CVE-2023-52498", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52498\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52498\nhttps://lore.kernel.org/linux-cve-announce/[email protected]/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.210, kernel 5.15.149, kernel 6.1.76, kernel 6.6.15, kernel 6.7.3, kernel 6.8"}