CVE-2023-52853
Published: May 23, 2024Last modified: May 23, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ startups following an initial request. This resulted in a warning in set_work_data in workqueue.c, as well as a rare NULL dereference within process_one_work in workqueue.c. Initialize the workqueue within _probe instead.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.68-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf
- https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd
- https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819
- https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38
- https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6
- https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42
- https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c
- https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592