CVE-2023-52498
- Source
- https://cve.org/CVERecord?id=CVE-2023-52498
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52498.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52498
- Downstream
- Related
- Published
- 2024-02-29T15:52:14.029Z
- Modified
- 2026-03-13T07:48:02.736485Z
- Summary
- PM: sleep: Fix possible deadlocks in core system-wide PM code
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
PM: sleep: Fix possible deadlocks in core system-wide PM code
It is reported that in low-memory situations the system-wide resume core code deadlocks, because asyncscheduledev() executes its argument function synchronously if it cannot allocate memory (and not only in that case) and that function attempts to acquire a mutex that is already held. Executing the argument function synchronously from within dpmasyncfn() may also be problematic for ordering reasons (it may cause a consumer device's resume callback to be invoked before a requisite supplier device's one, for example).
Address this by changing the code in question to use asyncscheduledevnocall() for scheduling the asynchronous execution of device suspend and resume functions and to directly run them synchronously if asyncscheduledevnocall() returns false.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52498.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557
- https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7
- https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0
- https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34
- https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe
- https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52498.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-52498
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0552e05fdfea191a2cf3a0abd33574b5ef9ca818Fixedf46eb832389f162ad13cb780d0b8cde93641990dFixeda1d62c775b07213c73f81ae842424c74dd14b5f0Fixede1c9d32c98309ae764893a481552d3f99d46cb34Fixede681e29d1f59a04ef773296e4bebb17b1b79f8feFixed9bd3dce27b01c51295b60e1433e1dadfb16649f7Fixed7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected5d56260c5e9fdbbba59655f63622f6159bf0e595Last affected76d587bd579a08ddcd51274c6d9fff4e885e184dLast affected7dce99d3182a1495bd14cac8403ee471ecdb7ea4Last affected0390e974020ebbbb64580fc205ecc892d1fdd462