GHSA-6PRM-Q3MH-8JF5
Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2025-05-02 18:31In the Linux kernel, the following vulnerability has been resolved:
RISC-V: fix taking the text_mutex twice during sifive errata patching
Chris pointed out that some bonehead, cough me cough, added two mutex_locks() to the SiFive errata patching. The second was meant to have been a mutex_unlock().
This results in errors such as
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 Oops [#1] Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229 Hardware name: BeagleV Starlight Beta (DT) epc : __schedule+0x42/0x500 ra : schedule+0x46/0xce epc : ffffffff8065957c ra : ffffffff80659a80 sp : ffffffff81203c80 gp : ffffffff812d50a0 tp : ffffffff8120db40 t0 : ffffffff81203d68 t1 : 0000000000000001 t2 : 4c45203a76637369 s0 : ffffffff81203cf0 s1 : ffffffff8120db40 a0 : 0000000000000000 a1 : ffffffff81213958 a2 : ffffffff81213958 a3 : 0000000000000000 a4 : 0000000000000000 a5 : ffffffff80a1bd00 a6 : 0000000000000000 a7 : 0000000052464e43 s2 : ffffffff8120db41 s3 : ffffffff80a1ad00 s4 : 0000000000000000 s5 : 0000000000000002 s6 : ffffffff81213938 s7 : 0000000000000000 s8 : 0000000000000000 s9 : 0000000000000001 s10: ffffffff812d7204 s11: ffffffff80d3c920 t3 : 0000000000000001 t4 : ffffffff812e6dd7 t5 : ffffffff812e6dd8 t6 : ffffffff81203bb8 status: 0000000200000100 badaddr: 0000000000000030 cause: 000000000000000d [] schedule+0x46/0xce [] schedule_preempt_disabled+0x16/0x28 [] __mutex_lock.constprop.0+0x3fe/0x652 [] __mutex_lock_slowpath+0xe/0x16 [] mutex_lock+0x42/0x4c [] sifive_errata_patch_func+0xf6/0x18c [] _apply_alternatives+0x74/0x76 [] apply_boot_alternatives+0x3c/0xfa [] setup_arch+0x60c/0x640 [] start_kernel+0x8e/0x99c ---[ end trace 0000000000000000 ]---
[Palmer: pick up Geert's bug report from the thread]
{
"affected": [],
"aliases": [
"CVE-2023-53122"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-02T16:15:31Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRISC-V: fix taking the text_mutex twice during sifive errata patching\n\nChris pointed out that some bonehead, *cough* me *cough*, added two\nmutex_locks() to the SiFive errata patching. The second was meant to\nhave been a mutex_unlock().\n\nThis results in errors such as\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000030\nOops [#1]\nModules linked in:\nCPU: 0 PID: 0 Comm: swapper Not tainted\n6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229\nHardware name: BeagleV Starlight Beta (DT)\nepc : __schedule+0x42/0x500\n ra : schedule+0x46/0xce\nepc : ffffffff8065957c ra : ffffffff80659a80 sp : ffffffff81203c80\n gp : ffffffff812d50a0 tp : ffffffff8120db40 t0 : ffffffff81203d68\n t1 : 0000000000000001 t2 : 4c45203a76637369 s0 : ffffffff81203cf0\n s1 : ffffffff8120db40 a0 : 0000000000000000 a1 : ffffffff81213958\n a2 : ffffffff81213958 a3 : 0000000000000000 a4 : 0000000000000000\n a5 : ffffffff80a1bd00 a6 : 0000000000000000 a7 : 0000000052464e43\n s2 : ffffffff8120db41 s3 : ffffffff80a1ad00 s4 : 0000000000000000\n s5 : 0000000000000002 s6 : ffffffff81213938 s7 : 0000000000000000\n s8 : 0000000000000000 s9 : 0000000000000001 s10: ffffffff812d7204\n s11: ffffffff80d3c920 t3 : 0000000000000001 t4 : ffffffff812e6dd7\n t5 : ffffffff812e6dd8 t6 : ffffffff81203bb8\nstatus: 0000000200000100 badaddr: 0000000000000030 cause: 000000000000000d\n[\u003cffffffff80659a80\u003e] schedule+0x46/0xce\n[\u003cffffffff80659dce\u003e] schedule_preempt_disabled+0x16/0x28\n[\u003cffffffff8065ae0c\u003e] __mutex_lock.constprop.0+0x3fe/0x652\n[\u003cffffffff8065b138\u003e] __mutex_lock_slowpath+0xe/0x16\n[\u003cffffffff8065b182\u003e] mutex_lock+0x42/0x4c\n[\u003cffffffff8000ad94\u003e] sifive_errata_patch_func+0xf6/0x18c\n[\u003cffffffff80002b92\u003e] _apply_alternatives+0x74/0x76\n[\u003cffffffff80802ee8\u003e] apply_boot_alternatives+0x3c/0xfa\n[\u003cffffffff80803cb0\u003e] setup_arch+0x60c/0x640\n[\u003cffffffff80800926\u003e] start_kernel+0x8e/0x99c\n---[ end trace 0000000000000000 ]---\n\n[Palmer: pick up Geert\u0027s bug report from the thread]",
"id": "GHSA-6prm-q3mh-8jf5",
"modified": "2025-05-02T18:31:37Z",
"published": "2025-05-02T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53122"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2feac714c6818f7767cfc21a3c10fa926b7398a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/96a1600461957731b6d8ff3563c9f94b315bdaa1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf89b7ee52af5a5944fa3539e86089f72475055b"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.