CVE-2023-52645 - Vulnerability Details - OpenCVE

ReportizFlow

In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff
https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b
https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438
https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5
https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25
https://lore.kernel.org/linux-cve-announce/2024041733-CVE-2023-52645-68dc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52645
https://www.cve.org/CVERecord?id=CVE-2023-52645

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T15:59:21.343Z

Updated: 2024-12-19T08:23:15.093Z

Reserved: 2024-03-06T09:52:12.094Z

Link: CVE-2023-52645

Vulnrichment

Updated: 2024-08-02T23:03:21.361Z

NVD

Status : Modified

Published: 2024-04-17T16:15:07.437

Modified: 2024-11-21T08:40:16.490

Link: CVE-2023-52645

Redhat

Severity : Moderate

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2023-52645 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52645", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-06T09:52:12.094Z", "datePublished": "2024-04-17T15:59:21.343Z", "dateUpdated": "2024-12-19T08:23:15.093Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:23:15.093Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "versions": [{"version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "475426ad1ae0bfdfd8f160ed9750903799392438", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "339ddc983bc1622341d95f244c361cda3da3a4ff", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "f83b9abee9faa4868a6fac4669b86f4c215dae25", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "3cd1d92ee1dbf3e8f988767eb75f26207397792b", "status": "affected", "versionType": "git"}, {"version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "c41336f4d69057cbf88fed47951379b384540df5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}], "title": "pmdomain: mediatek: fix race conditions with genpd", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:41:05.492458Z", "id": "CVE-2023-52645", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:47:27.898Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.361Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:21.361Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52645", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:41:05.492458Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:41:07.047Z"}}], "cna": {"title": "pmdomain: mediatek: fix race conditions with genpd", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "475426ad1ae0bfdfd8f160ed9750903799392438", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "339ddc983bc1622341d95f244c361cda3da3a4ff", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "f83b9abee9faa4868a6fac4669b86f4c215dae25", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "3cd1d92ee1dbf3e8f988767eb75f26207397792b", "versionType": "git"}, {"status": "affected", "version": "59b644b01cf48d6042f3c5983d464921a4920845", "lessThan": "c41336f4d69057cbf88fed47951379b384540df5", "versionType": "git"}], "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.18", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/pmdomain/mediatek/mtk-pm-domains.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}, {"url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:23:15.093Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52645", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:23:15.093Z", "dateReserved": "2024-03-06T09:52:12.094Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T15:59:21.343Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95", "versionEndExcluding": "5.15.150", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B", "versionEndExcluding": "6.1.80", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix race conditions with genpd\n\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: mediatek: corrige las condiciones de ejecuci\u00f3n con genpd, si los dominios de energ\u00eda se registran primero con genpd y *despu\u00e9s de eso* el controlador intenta encenderlos en la secuencia de sonda, entonces es Es posible que se produzca una condici\u00f3n de ejecuci\u00f3n si genpd intenta encenderlos al mismo tiempo. Lo mismo es v\u00e1lido para apagarlos antes de cancelar su registro en genpd. Intente arreglar las condiciones de ejecuci\u00f3n eliminando primero los dominios de genpd y *despu\u00e9s* apagando los dominios. Tambi\u00e9n primero encienda los dominios y *despu\u00e9s* reg\u00edstrelos en genpd."}], "id": "CVE-2023-52645", "lastModified": "2024-11-21T08:40:16.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-04-17T16:15:07.437", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: pmdomain: mediatek: fix race conditions with genpd", "id": "2275771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275771"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\npmdomain: mediatek: fix race conditions with genpd\nIf the power domains are registered first with genpd and *after that*\nthe driver attempts to power them on in the probe sequence, then it is\npossible that a race condition occurs if genpd tries to power them on\nin the same time.\nThe same is valid for powering them off before unregistering them\nfrom genpd.\nAttempt to fix race conditions by first removing the domains from genpd\nand *after that* powering down domains.\nAlso first power up the domains and *after that* register them\nto genpd."], "name": "CVE-2023-52645", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52645\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52645\nhttps://lore.kernel.org/linux-cve-announce/2024041733-CVE-2023-52645-68dc@gregkh/T"], "statement": "No Red Hat Products are affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.150, kernel 6.1.80, kernel 6.6.18, kernel 6.7.6, kernel 6.8"}