CVE-2023-52493

bus: mhi: host: Drop chan lock before queuing buffers

Description

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/20a6dea2d1c68d4e03c6bb50bc12e72e226b5c0e patch
https://git.kernel.org/stable/c/6e4c84316e2b70709f0d00c33ba3358d9fc8eece patch
https://git.kernel.org/stable/c/3c5ec66b4b3f6816f3a6161538672e389e537690 patch
https://git.kernel.org/stable/c/eaefb9464031215d63c0a8a7e2bfaa00736aa17e patch
https://git.kernel.org/stable/c/b8eff20d87092e14cac976d057cb0aea2f1d0830 patch
https://git.kernel.org/stable/c/01bd694ac2f682fb8017e16148b928482bc8fa4b patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch

Frequently Asked Questions

What is the severity of CVE-2023-52493?
CVE-2023-52493 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52493?
To fix CVE-2023-52493, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52493 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52493 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52493?
CVE-2023-52493 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.