CVE-2023-52853

Summary

In the Linux kernel, the following vulnerability has been resolved:

hid: cp2112: Fix duplicate workqueue initialization

Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ startups following an initial request. This resulted in a warning in set_work_data in workqueue.c, as well as a rare NULL dereference within process_one_work in workqueue.c.

Initialize the workqueue within _probe instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < df0daac2709473531d6a3472997cc65301ac06d6affected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < 727203e6e7e7020e1246fc1628cbdb8d90177819affected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < 3d959406c8fff2334d83d0c352d54fd6f5b2e7cdaffected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < 012d0c66f9392a99232ac28217229f32dd3a70cfaffected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < bafb12b629b7c3ad59812dd1ac1b0618062e0e38affected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < fb5718bc67337dde1528661f419ffcf275757592affected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < eb1121fac7986b30915ba20c5a04cc01fdcf160caffected
LinuxLinux13de9cca514ed63604263cad87ca8cb36e9b6489 < e3c2d2d144c082dd71596953193adf9891491f42affected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux4.19.299 <= 4.19.*unaffected
LinuxLinux5.4.261 <= 5.4.*unaffected
LinuxLinux5.10.201 <= 5.10.*unaffected
LinuxLinux5.15.139 <= 5.15.*unaffected
LinuxLinux6.1.63 <= 6.1.*unaffected
LinuxLinux6.5.12 <= 6.5.*unaffected
LinuxLinux6.6.2 <= 6.6.*unaffected
LinuxLinux6.7 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References