CVE-2023-53287

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: Put the cdns set active part outside the spin lock

The device may be scheduled during the resume process, so this cannot appear in atomic operations. Since pm_runtime_set_active will resume suppliers, put set active outside the spin lock, which is only used to protect the struct cdns data structure, otherwise the kernel will report the following warning:

BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1163 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 651, name: sh preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 CPU: 0 PID: 651 Comm: sh Tainted: G WC 6.1.20 #1 Hardware name: Freescale i.MX8QM MEK (DT) Call trace: dump_backtrace.part.0+0xe0/0xf0 show_stack+0x18/0x30 dump_stack_lvl+0x64/0x80 dump_stack+0x1c/0x38 __might_resched+0x1fc/0x240 __might_sleep+0x68/0xc0 __pm_runtime_resume+0x9c/0xe0 rpm_get_suppliers+0x68/0x1b0 __pm_runtime_set_status+0x298/0x560 cdns_resume+0xb0/0x1c0 cdns3_controller_resume.isra.0+0x1e0/0x250 cdns3_plat_resume+0x28/0x40

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7733f6c32e36ff9d7adadf40001039bf219b1cbe < c861a61be6d30538ebcf7fcab1d43f244e298840affected
LinuxLinux7733f6c32e36ff9d7adadf40001039bf219b1cbe < bbc9c3652708108738009e096d608ece3cd9fa8aaffected
LinuxLinux7733f6c32e36ff9d7adadf40001039bf219b1cbe < d3f372ec95b89776f72d5c9a475424e27734c223affected
LinuxLinux7733f6c32e36ff9d7adadf40001039bf219b1cbe < 2319b9c87fe243327285f2fefd7374ffd75a65fcaffected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.15.133 <= 5.15.*unaffected
LinuxLinux6.1.55 <= 6.1.*unaffected
LinuxLinux6.5.5 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References