CVE-2023-54287 (GCVE-0-2023-54287)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23
VLAI?
Title
tty: serial: imx: disable Ageing Timer interrupt request irq
Summary
In the Linux kernel, the following vulnerability has been resolved: tty: serial: imx: disable Ageing Timer interrupt request irq There maybe pending USR interrupt before requesting irq, however uart_add_one_port has not executed, so there will be kernel panic: [ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre ss 0000000000000080 [ 0.802701] Mem abort info: [ 0.805367] ESR = 0x0000000096000004 [ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.814033] SET = 0, FnV = 0 [ 0.816950] EA = 0, S1PTW = 0 [ 0.819950] FSC = 0x04: level 0 translation fault [ 0.824617] Data abort info: [ 0.827367] ISV = 0, ISS = 0x00000004 [ 0.831033] CM = 0, WnR = 0 [ 0.833866] [0000000000000080] user address but active_mm is swapper [ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.845953] Modules linked in: [ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1 [ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT) [ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0 [ 0.872283] lr : imx_uart_int+0xf8/0x1ec The issue only happends in the inmate linux when Jailhouse hypervisor enabled. The test procedure is: while true; do jailhouse enable imx8mp.cell jailhouse cell linux xxxx sleep 10 jailhouse cell destroy 1 jailhouse disable sleep 5 done And during the upper test, press keys to the 2nd linux console. When `jailhouse cell destroy 1`, the 2nd linux has no chance to put the uart to a quiese state, so USR1/2 may has pending interrupts. Then when `jailhosue cell linux xx` to start 2nd linux again, the issue trigger. In order to disable irqs before requesting them, both UCR1 and UCR2 irqs should be disabled, so here fix that, disable the Ageing Timer interrupt in UCR2 as UCR1 does.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 8a61f0c70ae65c6b70d13228c3120c73d7425a60 , < 3d41d9b256ae626c0dc434427c8e32450358d3b4 (git)
Affected: 8a61f0c70ae65c6b70d13228c3120c73d7425a60 , < 9795ece3a85ba9238191e97665586e2d79703ff3 (git)
Affected: 8a61f0c70ae65c6b70d13228c3120c73d7425a60 , < 963875b0655197281775b0ea614aab8b6b3eb001 (git)
Affected: 8a61f0c70ae65c6b70d13228c3120c73d7425a60 , < ef25e16ea9674b713a68c3bda821556ce9901254 (git)
Create a notification for this product.
    Linux Linux Affected: 4.3
Unaffected: 0 , < 4.3 (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/imx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d41d9b256ae626c0dc434427c8e32450358d3b4",
              "status": "affected",
              "version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60",
              "versionType": "git"
            },
            {
              "lessThan": "9795ece3a85ba9238191e97665586e2d79703ff3",
              "status": "affected",
              "version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60",
              "versionType": "git"
            },
            {
              "lessThan": "963875b0655197281775b0ea614aab8b6b3eb001",
              "status": "affected",
              "version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60",
              "versionType": "git"
            },
            {
              "lessThan": "ef25e16ea9674b713a68c3bda821556ce9901254",
              "status": "affected",
              "version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/imx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: imx: disable Ageing Timer interrupt request irq\n\nThere maybe pending USR interrupt before requesting irq, however\nuart_add_one_port has not executed, so there will be kernel panic:\n[    0.795668] Unable to handle kernel NULL pointer dereference at virtual addre\nss 0000000000000080\n[    0.802701] Mem abort info:\n[    0.805367]   ESR = 0x0000000096000004\n[    0.808950]   EC = 0x25: DABT (current EL), IL = 32 bits\n[    0.814033]   SET = 0, FnV = 0\n[    0.816950]   EA = 0, S1PTW = 0\n[    0.819950]   FSC = 0x04: level 0 translation fault\n[    0.824617] Data abort info:\n[    0.827367]   ISV = 0, ISS = 0x00000004\n[    0.831033]   CM = 0, WnR = 0\n[    0.833866] [0000000000000080] user address but active_mm is swapper\n[    0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[    0.845953] Modules linked in:\n[    0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1\n[    0.855617] Hardware name: Freescale i.MX8MP EVK (DT)\n[    0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0\n[    0.872283] lr : imx_uart_int+0xf8/0x1ec\n\nThe issue only happends in the inmate linux when Jailhouse hypervisor\nenabled. The test procedure is:\nwhile true; do\n\tjailhouse enable imx8mp.cell\n\tjailhouse cell linux xxxx\n\tsleep 10\n\tjailhouse cell destroy 1\n\tjailhouse disable\n\tsleep 5\ndone\n\nAnd during the upper test, press keys to the 2nd linux console.\nWhen `jailhouse cell destroy 1`, the 2nd linux has no chance to put\nthe uart to a quiese state, so USR1/2 may has pending interrupts. Then\nwhen `jailhosue cell linux xx` to start 2nd linux again, the issue\ntrigger.\n\nIn order to disable irqs before requesting them, both UCR1 and UCR2 irqs\nshould be disabled, so here fix that, disable the Ageing Timer interrupt\nin UCR2 as UCR1 does."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:23:27.076Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d41d9b256ae626c0dc434427c8e32450358d3b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9795ece3a85ba9238191e97665586e2d79703ff3"
        },
        {
          "url": "https://git.kernel.org/stable/c/963875b0655197281775b0ea614aab8b6b3eb001"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef25e16ea9674b713a68c3bda821556ce9901254"
        }
      ],
      "title": "tty: serial: imx: disable Ageing Timer interrupt request irq",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54287",
    "datePublished": "2025-12-30T12:23:27.076Z",
    "dateReserved": "2025-12-30T12:06:44.526Z",
    "dateUpdated": "2025-12-30T12:23:27.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54287\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:17.730\",\"lastModified\":\"2025-12-30T13:16:17.730\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntty: serial: imx: disable Ageing Timer interrupt request irq\\n\\nThere maybe pending USR interrupt before requesting irq, however\\nuart_add_one_port has not executed, so there will be kernel panic:\\n[    0.795668] Unable to handle kernel NULL pointer dereference at virtual addre\\nss 0000000000000080\\n[    0.802701] Mem abort info:\\n[    0.805367]   ESR = 0x0000000096000004\\n[    0.808950]   EC = 0x25: DABT (current EL), IL = 32 bits\\n[    0.814033]   SET = 0, FnV = 0\\n[    0.816950]   EA = 0, S1PTW = 0\\n[    0.819950]   FSC = 0x04: level 0 translation fault\\n[    0.824617] Data abort info:\\n[    0.827367]   ISV = 0, ISS = 0x00000004\\n[    0.831033]   CM = 0, WnR = 0\\n[    0.833866] [0000000000000080] user address but active_mm is swapper\\n[    0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\\n[    0.845953] Modules linked in:\\n[    0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1\\n[    0.855617] Hardware name: Freescale i.MX8MP EVK (DT)\\n[    0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n[    0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0\\n[    0.872283] lr : imx_uart_int+0xf8/0x1ec\\n\\nThe issue only happends in the inmate linux when Jailhouse hypervisor\\nenabled. The test procedure is:\\nwhile true; do\\n\\tjailhouse enable imx8mp.cell\\n\\tjailhouse cell linux xxxx\\n\\tsleep 10\\n\\tjailhouse cell destroy 1\\n\\tjailhouse disable\\n\\tsleep 5\\ndone\\n\\nAnd during the upper test, press keys to the 2nd linux console.\\nWhen `jailhouse cell destroy 1`, the 2nd linux has no chance to put\\nthe uart to a quiese state, so USR1/2 may has pending interrupts. Then\\nwhen `jailhosue cell linux xx` to start 2nd linux again, the issue\\ntrigger.\\n\\nIn order to disable irqs before requesting them, both UCR1 and UCR2 irqs\\nshould be disabled, so here fix that, disable the Ageing Timer interrupt\\nin UCR2 as UCR1 does.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3d41d9b256ae626c0dc434427c8e32450358d3b4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/963875b0655197281775b0ea614aab8b6b3eb001\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9795ece3a85ba9238191e97665586e2d79703ff3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ef25e16ea9674b713a68c3bda821556ce9901254\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.