CVE-2023-53094

MEDIUM EPSS 1.7%
Published May 2, 20251y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published May 2, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: fix race on RX DMA shutdown From time to time DMA completion can come in the middle of DMA shutdown: <process ctx>: <IRQ>: lpuart32_shutdown() lpuart_dma_shutdown() del_timer_sync() lpuart_dma_rx_complete() lpuart_copy_rx_to_tty() mod_timer() lpuart_dma_rx_free() When the timer fires a bit later, sport->dma_rx_desc is NULL: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 pc : lpuart_copy_rx_to_tty+0xcc/0x5bc lr : lpuart_timer_func+0x1c/0x2c Call trace: lpuart_copy_rx_to_tty lpuart_timer_func call_timer_fn __run_timers.part.0 run_timer_softirq __do_softirq __irq_exit_rcu irq_exit handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler ... To fix this fold del_timer_sync() into lpuart_dma_rx_free() after dmaengine_terminate_sync() to make sure timer will not be re-started in lpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete().

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥3.18.9  –  <3.19
linuxlinux_kernel*≥3.19.1  –  <5.10.177
linuxlinux_kernel*≥5.11  –  <5.15.105
linuxlinux_kernel*≥5.16  –  <6.1.23
linuxlinux_kernel*≥6.2  –  <6.2.8
linuxlinux_kernel6.3any
linuxlinux_kernel6.3any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/19a98d56dfedafb25652bdb9cd48a4e73ceba702
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1be6f2b15f902c02e055ae0b419ca789200473c9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2a36b444cace9580380467fd1183bb5e85bcc80a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90530e7214c8a04dcdde57502d93fa96af288c38
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/954fc9931f0aabf272b5674cf468affdd88d3a36
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19a98d56dfedafb25652bdb9cd48a4e73ceba702
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1be6f2b15f902c02e055ae0b419ca789200473c9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2a36b444cace9580380467fd1183bb5e85bcc80a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90530e7214c8a04dcdde57502d93fa96af288c38
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/954fc9931f0aabf272b5674cf468affdd88d3a36
    Patch