CVE-2023-53054
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: fix a devres leak in hw_enable upon suspend resume
Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a new devres each time. This may also happen at runtime, as dwc2_lowlevel_hw_enable() can be called from udc_start().
This can be seen with tracing:
- echo 1 > /sys/kernel/debug/tracing/events/dev/devres_log/enable
- go to low power
- cat /sys/kernel/debug/tracing/trace
A new "ADD" entry is found upon each low power cycle: … devres_log: 49000000.usb-otg ADD 82a13bba devm_action_release (8 bytes) … devres_log: 49000000.usb-otg ADD 49889daf devm_action_release (8 bytes) …
A second issue is addressed here:
- regulator_bulk_enable() is called upon each PM cycle (suspend/resume).
- regulator_bulk_disable() never gets called.
So the reference count for these regulators constantly increase, by one upon each low power cycle, due to missing regulator_bulk_disable() call in __dwc2_lowlevel_hw_disable().
The original fix that introduced the devm_add_action_or_reset() call, fixed an issue during probe, that happens due to other errors in dwc2_driver_probe() -> dwc2_core_reset(). Then the probe fails without disabling regulators, when dr_mode == USB_DR_MODE_PERIPHERAL.
Rather fix the error path: disable all the low level hardware in the error path, by using the "hsotg->ll_hw_enabled" flag. Checking dr_mode has been introduced to avoid a dual call to dwc2_lowlevel_hw_disable(). "ll_hw_enabled" should achieve the same (and is used currently in the remove() routine).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 33a06f1300a79cfd461cea0268f05e969d4f34ec < 1f01027c51eb16145e8e07fafea3ca07ef102d06 | affected |
| Linux | Linux | 33a06f1300a79cfd461cea0268f05e969d4f34ec < cba76e1fb896b573f09f51aa299223276a77bc90 | affected |
| Linux | Linux | 33a06f1300a79cfd461cea0268f05e969d4f34ec < ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d | affected |
| Linux | Linux | 33a06f1300a79cfd461cea0268f05e969d4f34ec < 6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c | affected |
| Linux | Linux | 33a06f1300a79cfd461cea0268f05e969d4f34ec < f747313249b74f323ddf841a9c8db14d989f296a | affected |
| Linux | Linux | c95e1f67b9a84479d1a6d2e9b123a1553af2a75e | affected |
| Linux | Linux | 7d2a4749e1589295c69183f7d79d5b62664b34d6 | affected |
| Linux | Linux | 8a8841b9f3eb1f46e3fc6d56a9b9299c53f4f86f | affected |
| Linux | Linux | fa7fd9ba18533e9aa5f718a06de3deb522a4b587 | affected |
| Linux | Linux | b2c2b88b049684b89776036f9a03fcc2d1bb3c22 | affected |
| Linux | Linux | e7c4b79d70a70b4b7b0a04c640238a2ef0a7a8c8 | affected |
| Linux | Linux | 88dcd13872b11bd60e6d4cb6317821e1d367e524 | affected |
| Linux | Linux | 4.4.233 < 4.5 | affected |
| Linux | Linux | 4.9.233 < 4.10 | affected |
| Linux | Linux | 4.14.194 < 4.15 | affected |
| Linux | Linux | 4.19.140 < 4.20 | affected |
| Linux | Linux | 5.4.59 < 5.5 | affected |
| Linux | Linux | 5.7.16 < 5.8 | affected |
| Linux | Linux | 5.8.2 < 5.9 | affected |
| Linux | Linux | 5.9 | affected |
| Linux | Linux | 0 < 5.9 | unaffected |
| Linux | Linux | 5.10.177 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.105 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.22 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.9 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/1f01027c51eb16145e8e07fafea3ca07ef102d06
- https://git.kernel.org/stable/c/cba76e1fb896b573f09f51aa299223276a77bc90
- https://git.kernel.org/stable/c/ffb8ab6f87bd28d700ab5c20d9d3a7e75067630d
- https://git.kernel.org/stable/c/6485fc381b6528b6f547ee1ff10bdbcbe31a6e4c
- https://git.kernel.org/stable/c/f747313249b74f323ddf841a9c8db14d989f296a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.