cve-2023-52505
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2024-12-19 08:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers The protocol converter configuration registers PCC8, PCCC, PCCD (implemented by the driver), as well as others, control protocol converters from multiple lanes (each represented as a different struct phy). So, if there are simultaneous calls to phy_set_mode_ext() to lanes sharing the same PCC register (either for the "old" or for the "new" protocol), corruption of the values programmed to hardware is possible, because lynx_28g_rmw() has no locking. Add a spinlock in the struct lynx_28g_priv shared by all lanes, and take the global spinlock from the phy_ops :: set_mode() implementation. There are no other callers which modify PCC registers.
Impacted products
Vendor Product Version
Linux Linux Version: 5.18
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T15:02:00.830027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:17.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/freescale/phy-fsl-lynx-28g.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6f901f8448c6b25ed843796b114471d2a3fc5dfb",
              "status": "affected",
              "version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3",
              "versionType": "git"
            },
            {
              "lessThan": "c2d7c79898b427d263c64a4841987eec131f2d4e",
              "status": "affected",
              "version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3",
              "versionType": "git"
            },
            {
              "lessThan": "139ad1143151a07be93bf741d4ea7c89e59f89ce",
              "status": "affected",
              "version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/phy/freescale/phy-fsl-lynx-28g.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.59",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:21:06.937Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"
        }
      ],
      "title": "phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52505",
    "datePublished": "2024-03-02T21:52:19.215Z",
    "dateReserved": "2024-02-20T12:30:33.314Z",
    "dateUpdated": "2024-12-19T08:21:06.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52505\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-02T22:15:47.350\",\"lastModified\":\"2024-11-21T08:39:55.273\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\\n\\nThe protocol converter configuration registers PCC8, PCCC, PCCD\\n(implemented by the driver), as well as others, control protocol\\nconverters from multiple lanes (each represented as a different\\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\\nto lanes sharing the same PCC register (either for the \\\"old\\\" or for the\\n\\\"new\\\" protocol), corruption of the values programmed to hardware is\\npossible, because lynx_28g_rmw() has no locking.\\n\\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\\nthe global spinlock from the phy_ops :: set_mode() implementation. There\\nare no other callers which modify PCC registers.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: phy: lynx-28g: serializa llamadas concurrentes phy_set_mode_ext() a registros compartidos La configuraci\u00f3n del convertidor de protocolo registra PCC8, PCCC, PCCD (implementado por el controlador), as\u00ed como otros, control convertidores de protocolo de m\u00faltiples carriles (cada uno representado como una estructura f\u00edsica diferente). Por lo tanto, si hay llamadas simult\u00e1neas a phy_set_mode_ext() a carriles que comparten el mismo registro PCC (ya sea para el protocolo \\\"antiguo\\\" o para el \\\"nuevo\\\"), es posible que se da\u00f1en los valores programados en el hardware, porque lynx_28g_rmw() no tiene cierre. Agregue un spinlock en la estructura lynx_28g_priv compartida por todos los carriles y tome el spinlock global de la implementaci\u00f3n phy_ops :: set_mode(). No hay otros llamantes que modifiquen los registros PCC.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.