csaf_opensuse - opensuse-su-2024:13767-1

opensuse-su-2024:13767-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

kernel-devel-6.7.9-1.1 on GA media

Notes

Title of the patch

kernel-devel-6.7.9-1.1 on GA media

Description of the patch

These are all security issues fixed in the kernel-devel-6.7.9-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13767

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "kernel-devel-6.7.9-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the kernel-devel-6.7.9-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13767",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13767-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52456 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52456/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52457 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52457/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52459 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52459/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-52461 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-52461/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-26605 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-26605/"
      }
    ],
    "title": "kernel-devel-6.7.9-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13767-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.7.9-1.1.aarch64",
                "product": {
                  "name": "kernel-devel-6.7.9-1.1.aarch64",
                  "product_id": "kernel-devel-6.7.9-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.7.9-1.1.aarch64",
                "product": {
                  "name": "kernel-macros-6.7.9-1.1.aarch64",
                  "product_id": "kernel-macros-6.7.9-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.7.9-1.1.aarch64",
                "product": {
                  "name": "kernel-source-6.7.9-1.1.aarch64",
                  "product_id": "kernel-source-6.7.9-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.7.9-1.1.aarch64",
                "product": {
                  "name": "kernel-source-vanilla-6.7.9-1.1.aarch64",
                  "product_id": "kernel-source-vanilla-6.7.9-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.7.9-1.1.ppc64le",
                "product": {
                  "name": "kernel-devel-6.7.9-1.1.ppc64le",
                  "product_id": "kernel-devel-6.7.9-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.7.9-1.1.ppc64le",
                "product": {
                  "name": "kernel-macros-6.7.9-1.1.ppc64le",
                  "product_id": "kernel-macros-6.7.9-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.7.9-1.1.ppc64le",
                "product": {
                  "name": "kernel-source-6.7.9-1.1.ppc64le",
                  "product_id": "kernel-source-6.7.9-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.7.9-1.1.ppc64le",
                "product": {
                  "name": "kernel-source-vanilla-6.7.9-1.1.ppc64le",
                  "product_id": "kernel-source-vanilla-6.7.9-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.7.9-1.1.s390x",
                "product": {
                  "name": "kernel-devel-6.7.9-1.1.s390x",
                  "product_id": "kernel-devel-6.7.9-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.7.9-1.1.s390x",
                "product": {
                  "name": "kernel-macros-6.7.9-1.1.s390x",
                  "product_id": "kernel-macros-6.7.9-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.7.9-1.1.s390x",
                "product": {
                  "name": "kernel-source-6.7.9-1.1.s390x",
                  "product_id": "kernel-source-6.7.9-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.7.9-1.1.s390x",
                "product": {
                  "name": "kernel-source-vanilla-6.7.9-1.1.s390x",
                  "product_id": "kernel-source-vanilla-6.7.9-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.7.9-1.1.x86_64",
                "product": {
                  "name": "kernel-devel-6.7.9-1.1.x86_64",
                  "product_id": "kernel-devel-6.7.9-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.7.9-1.1.x86_64",
                "product": {
                  "name": "kernel-macros-6.7.9-1.1.x86_64",
                  "product_id": "kernel-macros-6.7.9-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.7.9-1.1.x86_64",
                "product": {
                  "name": "kernel-source-6.7.9-1.1.x86_64",
                  "product_id": "kernel-source-6.7.9-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.7.9-1.1.x86_64",
                "product": {
                  "name": "kernel-source-vanilla-6.7.9-1.1.x86_64",
                  "product_id": "kernel-source-vanilla-6.7.9-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.7.9-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64"
        },
        "product_reference": "kernel-devel-6.7.9-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.7.9-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le"
        },
        "product_reference": "kernel-devel-6.7.9-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.7.9-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x"
        },
        "product_reference": "kernel-devel-6.7.9-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.7.9-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64"
        },
        "product_reference": "kernel-devel-6.7.9-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.7.9-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64"
        },
        "product_reference": "kernel-macros-6.7.9-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.7.9-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le"
        },
        "product_reference": "kernel-macros-6.7.9-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.7.9-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x"
        },
        "product_reference": "kernel-macros-6.7.9-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.7.9-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64"
        },
        "product_reference": "kernel-macros-6.7.9-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.7.9-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64"
        },
        "product_reference": "kernel-source-6.7.9-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.7.9-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le"
        },
        "product_reference": "kernel-source-6.7.9-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.7.9-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x"
        },
        "product_reference": "kernel-source-6.7.9-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.7.9-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64"
        },
        "product_reference": "kernel-source-6.7.9-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.7.9-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64"
        },
        "product_reference": "kernel-source-vanilla-6.7.9-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.7.9-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le"
        },
        "product_reference": "kernel-source-vanilla-6.7.9-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.7.9-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x"
        },
        "product_reference": "kernel-source-vanilla-6.7.9-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.7.9-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        },
        "product_reference": "kernel-source-vanilla-6.7.9-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52456",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52456"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52456",
          "url": "https://www.suse.com/security/cve/CVE-2023-52456"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220364 for CVE-2023-52456",
          "url": "https://bugzilla.suse.com/1220364"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52456"
    },
    {
      "cve": "CVE-2023-52457",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52457"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: omap: Don\u0027t skip resource freeing if pm_runtime_resume_and_get() failed\n\nReturning an error code from .remove() makes the driver core emit the\nlittle helpful error message:\n\n\tremove callback returned a non-zero value. This will be ignored.\n\nand then remove the device anyhow. So all resources that were not freed\nare leaked in this case. Skipping serial8250_unregister_port() has the\npotential to keep enough of the UART around to trigger a use-after-free.\n\nSo replace the error return (and with it the little helpful error\nmessage) by a more useful error message and continue to cleanup.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52457",
          "url": "https://www.suse.com/security/cve/CVE-2023-52457"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220350 for CVE-2023-52457",
          "url": "https://bugzilla.suse.com/1220350"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52457"
    },
    {
      "cve": "CVE-2023-52459",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52459"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix duplicated list deletion\n\nThe list deletion call dropped here is already called from the\nhelper function in the line before. Having a second list_del()\ncall results in either a warning (with CONFIG_DEBUG_LIST=y):\n\nlist_del corruption, c46c8198-\u003enext is LIST_POISON1 (00000100)\n\nIf CONFIG_DEBUG_LIST is disabled the operation results in a\nkernel error due to NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52459",
          "url": "https://www.suse.com/security/cve/CVE-2023-52459"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220318 for CVE-2023-52459",
          "url": "https://bugzilla.suse.com/1220318"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52459"
    },
    {
      "cve": "CVE-2023-52461",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-52461"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix bounds limiting when given a malformed entity\n\nIf we\u0027re given a malformed entity in drm_sched_entity_init()--shouldn\u0027t\nhappen, but we verify--with out-of-bounds priority value, we set it to an\nallowed value. Fix the expression which sets this limit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-52461",
          "url": "https://www.suse.com/security/cve/CVE-2023-52461"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220322 for CVE-2023-52461",
          "url": "https://bugzilla.suse.com/1220322"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-52461"
    },
    {
      "cve": "CVE-2024-26605",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-26605"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-26605",
          "url": "https://www.suse.com/security/cve/CVE-2024-26605"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220336 for CVE-2024-26605",
          "url": "https://bugzilla.suse.com/1220336"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.7.9-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.7.9-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-26605"
    }
  ]
}

CVE-2023-52456 (GCVE-0-2023-52456)

Vulnerability from cvelistv5

Published

2024-02-23 14:46

Modified

2025-05-04 07:36

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver TX_EN pin. When the TTY port is closed in the middle of a transmission (for instance during userland application crash), imx_uart_shutdown disables the interface and disables the Transmission Complete interrupt. afer that, imx_uart_stop_tx bails on an incomplete transmission, to be retriggered by the TC interrupt. This interrupt is disabled and therefore the tx statemachine never transitions out of SEND. The statemachine is in deadlock now, and the TX_EN remains low, making the interface useless. imx_uart_stop_tx now checks for incomplete transmission AND whether TC interrupts are enabled before bailing to be retriggered. This makes sure the state machine handling is reached, and is properly set to WAIT_AFTER_SEND.

References

►

URL

Tags

	https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda
	https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19
	https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06
	https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181
	https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b
	https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0

Impacted products

Vendor

Product

Version

►

Linux

Version: cb1a609236096c278ecbfb7be678a693a70283f1
Version: cb1a609236096c278ecbfb7be678a693a70283f1
Version: cb1a609236096c278ecbfb7be678a693a70283f1
Version: cb1a609236096c278ecbfb7be678a693a70283f1
Version: cb1a609236096c278ecbfb7be678a693a70283f1
Version: cb1a609236096c278ecbfb7be678a693a70283f1

Linux

Version: 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52456",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-23T17:01:14.114676Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:14.564Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/imx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6e04a9d30509fb53ba6df5d655ed61d607a7cfda",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            },
            {
              "lessThan": "ff168d4fdb0e1ba35fb413a749b3d6cce918ec19",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            },
            {
              "lessThan": "63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            },
            {
              "lessThan": "763cd68746317b5d746dc2649a3295c1efb41181",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            },
            {
              "lessThan": "9a662d06c22ddfa371958c2071dc350436be802b",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            },
            {
              "lessThan": "78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0",
              "status": "affected",
              "version": "cb1a609236096c278ecbfb7be678a693a70283f1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/imx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.75",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: imx: fix tx statemachine deadlock\n\nWhen using the serial port as RS485 port, the tx statemachine is used to\ncontrol the RTS pin to drive the RS485 transceiver TX_EN pin. When the\nTTY port is closed in the middle of a transmission (for instance during\nuserland application crash), imx_uart_shutdown disables the interface\nand disables the Transmission Complete interrupt. afer that,\nimx_uart_stop_tx bails on an incomplete transmission, to be retriggered\nby the TC interrupt. This interrupt is disabled and therefore the tx\nstatemachine never transitions out of SEND. The statemachine is in\ndeadlock now, and the TX_EN remains low, making the interface useless.\n\nimx_uart_stop_tx now checks for incomplete transmission AND whether TC\ninterrupts are enabled before bailing to be retriggered. This makes sure\nthe state machine handling is reached, and is properly set to\nWAIT_AFTER_SEND."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:36:55.750Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff168d4fdb0e1ba35fb413a749b3d6cce918ec19"
        },
        {
          "url": "https://git.kernel.org/stable/c/63ee7be01a3f7d28b1ea8b8d7944f12bb7b0ed06"
        },
        {
          "url": "https://git.kernel.org/stable/c/763cd68746317b5d746dc2649a3295c1efb41181"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a662d06c22ddfa371958c2071dc350436be802b"
        },
        {
          "url": "https://git.kernel.org/stable/c/78d60dae9a0c9f09aa3d6477c94047df2fe6f7b0"
        }
      ],
      "title": "serial: imx: fix tx statemachine deadlock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52456",
    "datePublished": "2024-02-23T14:46:19.139Z",
    "dateReserved": "2024-02-20T12:30:33.294Z",
    "dateUpdated": "2025-05-04T07:36:55.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52461 (GCVE-0-2023-52461)

Vulnerability from cvelistv5

Published

2024-02-23 14:46

Modified

2025-05-04 07:37

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the expression which sets this limit.

References

►

URL

Tags

	https://git.kernel.org/stable/c/1470d173925d697b497656b93f7c5bddae2e64b2
	https://git.kernel.org/stable/c/2bbe6ab2be53858507f11f99f856846d04765ae3

Impacted products

Vendor

Product

Version

►

Linux

Version: 56e449603f0ac580700621a356d35d5716a62ce5
Version: 56e449603f0ac580700621a356d35d5716a62ce5

Linux

Version: 6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-23T22:33:47.670469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T17:24:25.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1470d173925d697b497656b93f7c5bddae2e64b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2bbe6ab2be53858507f11f99f856846d04765ae3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/scheduler/sched_entity.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1470d173925d697b497656b93f7c5bddae2e64b2",
              "status": "affected",
              "version": "56e449603f0ac580700621a356d35d5716a62ce5",
              "versionType": "git"
            },
            {
              "lessThan": "2bbe6ab2be53858507f11f99f856846d04765ae3",
              "status": "affected",
              "version": "56e449603f0ac580700621a356d35d5716a62ce5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/scheduler/sched_entity.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix bounds limiting when given a malformed entity\n\nIf we\u0027re given a malformed entity in drm_sched_entity_init()--shouldn\u0027t\nhappen, but we verify--with out-of-bounds priority value, we set it to an\nallowed value. Fix the expression which sets this limit."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:37:06.814Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1470d173925d697b497656b93f7c5bddae2e64b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/2bbe6ab2be53858507f11f99f856846d04765ae3"
        }
      ],
      "title": "drm/sched: Fix bounds limiting when given a malformed entity",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52461",
    "datePublished": "2024-02-23T14:46:22.280Z",
    "dateReserved": "2024-02-20T12:30:33.294Z",
    "dateUpdated": "2025-05-04T07:37:06.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52459 (GCVE-0-2023-52459)

Vulnerability from cvelistv5

Published

2024-02-23 14:46

Modified

2025-05-04 07:37

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix duplicated list deletion The list deletion call dropped here is already called from the helper function in the line before. Having a second list_del() call results in either a warning (with CONFIG_DEBUG_LIST=y): list_del corruption, c46c8198->next is LIST_POISON1 (00000100) If CONFIG_DEBUG_LIST is disabled the operation results in a kernel error due to NULL pointer dereference.

References

►

URL

Tags

	https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91
	https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e
	https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2

Impacted products

Vendor

Product

Version

►

Linux

Version: 28a1295795d85a25f2e7dd391c43969e95fcb341
Version: 28a1295795d85a25f2e7dd391c43969e95fcb341
Version: 28a1295795d85a25f2e7dd391c43969e95fcb341

Linux

Version: 6.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-23T16:35:28.276386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:26.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/v4l2-core/v4l2-async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7062628caeaec90e8f691ebab2d70f31b7b6b91",
              "status": "affected",
              "version": "28a1295795d85a25f2e7dd391c43969e95fcb341",
              "versionType": "git"
            },
            {
              "lessThan": "49d82811428469566667f22749610b8c132cdb3e",
              "status": "affected",
              "version": "28a1295795d85a25f2e7dd391c43969e95fcb341",
              "versionType": "git"
            },
            {
              "lessThan": "3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2",
              "status": "affected",
              "version": "28a1295795d85a25f2e7dd391c43969e95fcb341",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/v4l2-core/v4l2-async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix duplicated list deletion\n\nThe list deletion call dropped here is already called from the\nhelper function in the line before. Having a second list_del()\ncall results in either a warning (with CONFIG_DEBUG_LIST=y):\n\nlist_del corruption, c46c8198-\u003enext is LIST_POISON1 (00000100)\n\nIf CONFIG_DEBUG_LIST is disabled the operation results in a\nkernel error due to NULL pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:37:04.629Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91"
        },
        {
          "url": "https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2"
        }
      ],
      "title": "media: v4l: async: Fix duplicated list deletion",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52459",
    "datePublished": "2024-02-23T14:46:21.006Z",
    "dateReserved": "2024-02-20T12:30:33.294Z",
    "dateUpdated": "2025-05-04T07:37:04.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52457 (GCVE-0-2023-52457)

Vulnerability from cvelistv5

Published

2024-02-23 14:46

Modified

2025-05-04 12:49

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup.

References

►

URL

Tags

	https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93
	https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0
	https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690
	https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494
	https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b
	https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee
	https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e

Impacted products

Vendor

Product

Version

►

Linux

Version: 2d66412563ef8953e2bac2d98d2d832b3f3f49cd
Version: d833cba201adf9237168e19f0d76e4d7aa69f303
Version: e0db709a58bdeb8966890882261a3f8438c5c9b7
Version: e3f0c638f428fd66b5871154b62706772045f91a
Version: e3f0c638f428fd66b5871154b62706772045f91a
Version: e3f0c638f428fd66b5871154b62706772045f91a
Version: e3f0c638f428fd66b5871154b62706772045f91a
Version: 02eed6390dbe61115f3e3f63829c95c611aee67b

Linux

Version: 6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:19.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:36.778988Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:47.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b502fb43f7fb55aaf07f6092ab44657595214b93",
              "status": "affected",
              "version": "2d66412563ef8953e2bac2d98d2d832b3f3f49cd",
              "versionType": "git"
            },
            {
              "lessThan": "bc57f3ef8a9eb0180606696f586a6dcfaa175ed0",
              "status": "affected",
              "version": "d833cba201adf9237168e19f0d76e4d7aa69f303",
              "versionType": "git"
            },
            {
              "lessThan": "828cd829483f0cda920710997aed79130b0af690",
              "status": "affected",
              "version": "e0db709a58bdeb8966890882261a3f8438c5c9b7",
              "versionType": "git"
            },
            {
              "lessThan": "d74173bda29aba58f822175d983d07c8ed335494",
              "status": "affected",
              "version": "e3f0c638f428fd66b5871154b62706772045f91a",
              "versionType": "git"
            },
            {
              "lessThan": "887a558d0298d36297daea039954c39940228d9b",
              "status": "affected",
              "version": "e3f0c638f428fd66b5871154b62706772045f91a",
              "versionType": "git"
            },
            {
              "lessThan": "95e4e0031effad9837af557ecbfd4294a4d8aeee",
              "status": "affected",
              "version": "e3f0c638f428fd66b5871154b62706772045f91a",
              "versionType": "git"
            },
            {
              "lessThan": "ad90d0358bd3b4554f243a425168fc7cebe7d04e",
              "status": "affected",
              "version": "e3f0c638f428fd66b5871154b62706772045f91a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "02eed6390dbe61115f3e3f63829c95c611aee67b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.268",
                  "versionStartIncluding": "5.4.225",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.209",
                  "versionStartIncluding": "5.10.156",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.148",
                  "versionStartIncluding": "5.15.80",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.75",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.14",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.2",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: omap: Don\u0027t skip resource freeing if pm_runtime_resume_and_get() failed\n\nReturning an error code from .remove() makes the driver core emit the\nlittle helpful error message:\n\n\tremove callback returned a non-zero value. This will be ignored.\n\nand then remove the device anyhow. So all resources that were not freed\nare leaked in this case. Skipping serial8250_unregister_port() has the\npotential to keep enough of the UART around to trigger a use-after-free.\n\nSo replace the error return (and with it the little helpful error\nmessage) by a more useful error message and continue to cleanup."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:49:03.340Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0"
        },
        {
          "url": "https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690"
        },
        {
          "url": "https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494"
        },
        {
          "url": "https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e"
        }
      ],
      "title": "serial: 8250: omap: Don\u0027t skip resource freeing if pm_runtime_resume_and_get() failed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52457",
    "datePublished": "2024-02-23T14:46:19.772Z",
    "dateReserved": "2024-02-20T12:30:33.294Z",
    "dateUpdated": "2025-05-04T12:49:03.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26605 (GCVE-0-2024-26605)

Vulnerability from cvelistv5

Published

2024-02-24 15:17

Modified

2025-05-04 12:54

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] The deadlock can easily be reproduced on machines like the Lenovo ThinkPad X13s by adding a delay to increase the race window during asynchronous probe where another thread can take a write lock. Add a new pci_set_power_state_locked() and associated helper functions that can be called with the PCI bus semaphore held to avoid taking the read lock twice.

References

►

URL

Tags

	https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3
	https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c
	https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70
	https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20

Impacted products

Vendor

Product

Version

►

Linux

Version: b9c370b61d735a0e5390c42771e7eb21413f7868
Version: 8cc22ba3f77c59df5f1ac47d62df51efb28cd868
Version: f93e71aea6c60ebff8adbd8941e678302d377869
Version: f93e71aea6c60ebff8adbd8941e678302d377869
Version: 1f2f662c8bec75d1311e063efaa9107435cf16c8

Linux

Version: 6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26605",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:33.693811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:47.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/bus.c",
            "drivers/pci/controller/dwc/pcie-qcom.c",
            "drivers/pci/pci.c",
            "drivers/pci/pci.h",
            "drivers/pci/pcie/aspm.c",
            "include/linux/pci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0f7908a016c092cfdaa16d785fa5099d867bc1a3",
              "status": "affected",
              "version": "b9c370b61d735a0e5390c42771e7eb21413f7868",
              "versionType": "git"
            },
            {
              "lessThan": "b0f4478838be1f1d330061201898fef65bf8fd7c",
              "status": "affected",
              "version": "8cc22ba3f77c59df5f1ac47d62df51efb28cd868",
              "versionType": "git"
            },
            {
              "lessThan": "ef90508574d7af48420bdc5f7b9a4f1cdd26bc70",
              "status": "affected",
              "version": "f93e71aea6c60ebff8adbd8941e678302d377869",
              "versionType": "git"
            },
            {
              "lessThan": "1e560864159d002b453da42bd2c13a1805515a20",
              "status": "affected",
              "version": "f93e71aea6c60ebff8adbd8941e678302d377869",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1f2f662c8bec75d1311e063efaa9107435cf16c8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/bus.c",
            "drivers/pci/controller/dwc/pcie-qcom.c",
            "drivers/pci/pci.c",
            "drivers/pci/pci.h",
            "drivers/pci/pcie/aspm.c",
            "include/linux/pci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "6.1.72",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.5",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.147",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:54:15.125Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"
        }
      ],
      "title": "PCI/ASPM: Fix deadlock when enabling ASPM",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26605",
    "datePublished": "2024-02-24T15:17:13.899Z",
    "dateReserved": "2024-02-19T14:20:24.130Z",
    "dateUpdated": "2025-05-04T12:54:15.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:13767-1

Vulnerability from csaf_opensuse

CVE-2023-52456 (GCVE-0-2023-52456)

Vulnerability from cvelistv5

CVE-2023-52461 (GCVE-0-2023-52461)

Vulnerability from cvelistv5

CVE-2023-52459 (GCVE-0-2023-52459)

Vulnerability from cvelistv5

CVE-2023-52457 (GCVE-0-2023-52457)

Vulnerability from cvelistv5

CVE-2024-26605 (GCVE-0-2024-26605)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature