CVE-2023-52617

PCI: switchtec: Fix stdev_release() crash after surprise hot remove

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com

Category

4.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355 patch
https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c patch
https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8 patch
https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a patch
https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3 patch
https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693 patch
https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-52617?
CVE-2023-52617 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52617?
To fix CVE-2023-52617, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52617 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52617 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52617?
CVE-2023-52617 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.