CVE-2023-54044
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
spmi: Add a check for remove callback when removing a SPMI driver
When removing a SPMI driver, there can be a crash due to NULL pointer dereference if it does not have a remove callback defined. This is one such call trace observed when removing the QCOM SPMI PMIC driver:
dump_backtrace.cfi_jt+0x0/0x8 dump_stack_lvl+0xd8/0x16c panic+0x188/0x498 __cfi_slowpath+0x0/0x214 __cfi_slowpath+0x1dc/0x214 spmi_drv_remove+0x16c/0x1e0 device_release_driver_internal+0x468/0x79c driver_detach+0x11c/0x1a0 bus_remove_driver+0xc4/0x124 driver_unregister+0x58/0x84 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic] __do_sys_delete_module+0x3ec/0x53c __arm64_sys_delete_module+0x18/0x28 el0_svc_common+0xdc/0x294 el0_svc+0x38/0x9c el0_sync_handler+0x8c/0xf0 el0_sync+0x1b4/0x1c0
If a driver has all its resources allocated through devm_() APIs and does not need any other explicit cleanup, it would not require a remove callback to be defined. Hence, add a check for remove callback presence before calling it when removing a SPMI driver.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < b95a69214daea4aab1c8bad96571d988a62e2c97 | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < 699949219e35fe29fd42ccf8cd92c989c3d15109 | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < 54dda732225555dc6d660e95793c54a0a44b612c | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < ee0b6146317a98bfec848d7bde5586beb245a38f | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < 428cc252701d6864151f3a296ffc23e1e49a7408 | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < af763c29b9e7040fedd0077bca053b101438a3a4 | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < 0f3ef30c1c05502f5de3b73b3715d5994845c1b4 | affected |
| Linux | Linux | 5a86bf343976b9c8ab2f240bc866451fa67e5573 < b56eef3e16d888883fefab47425036de80dd38fc | affected |
| Linux | Linux | 3.15 | affected |
| Linux | Linux | 0 < 3.15 | unaffected |
| Linux | Linux | 4.14.315 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.283 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.243 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.180 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.111 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.28 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.15 <= 6.2.* | unaffected |
| Linux | Linux | 6.3.2 <= 6.3.* | unaffected |
| Linux | Linux | 6.4 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97
- https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109
- https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c
- https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b
- https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f
- https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408
- https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4
- https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4
- https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.