CVE-2023-52808

Source
https://cve.org/CVERecord?id=CVE-2023-52808
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52808.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52808
Published
2024-05-21T15:31:18.330Z
Modified
2026-03-20T12:32:48.363927Z
Summary
scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs

If init debugfs failed during device registration due to memory allocation failure, debugfs_remove_recursive() is called, after which debugfs_dir is not set to NULL. debugfs_remove_recursive() will be called again during device removal. As a result, an illegal pointer is accessed.

[ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs!
...
[ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 1669.872669] pc : down_write+0x24/0x70
[ 1669.876315] lr : down_write+0x1c/0x70
[ 1669.879961] sp : ffff000036f53a30
[ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8
[ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000
[ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270
[ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8
[ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310
[ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10
[ 1669.914982] x17: 0000000000000000 x16: 0000000000000000
[ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870
[ 1669.925555] x13: 0000000000000040 x12: 0000000000000228
[ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0
[ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10
[ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff
[ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00
[ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000
[ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001
[ 1669.962563] Call trace:
[ 1669.965000] down_write+0x24/0x70
[ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0
[ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main]
[ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw]
[ 1669.984175] pci_device_remove+0x48/0xd8
[ 1669.988082] device_release_driver_internal+0x1b4/0x250
[ 1669.993282] device_release_driver+0x28/0x38
[ 1669.997534] pci_stop_bus_device+0x84/0xb8
[ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40
[ 1670.007244] remove_store+0xfc/0x140
[ 1670.010802] dev_attr_store+0x44/0x60
[ 1670.014448] sysfs_kf_write+0x58/0x80
[ 1670.018095] kernfs_fop_write+0xe8/0x1f0
[ 1670.022000] __vfs_write+0x60/0x190
[ 1670.025472] vfs_write+0xac/0x1c0
[ 1670.028771] ksys_write+0x6c/0xd8
[ 1670.032071] __arm64_sys_write+0x24/0x30
[ 1670.035977] el0_svc_common+0x78/0x130
[ 1670.039710] el0_svc_handler+0x38/0x78
[ 1670.043442] el0_svc+0x8/0xc

To fix this, set debugfs_dir to NULL after debugfs_remove_recursive().
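
The pattern described above, as an added user-space model (not the kernel patch or driver code): a failed init removes the debugfs entry, and the removal path later runs the same teardown on whatever pointer is still stored. All `model_*` names, `pool` and `run_lifecycle` are hypothetical; a `live` flag stands in for real freeing so the stale access is counted instead of crashing.

```c
#include <stdio.h>

/* Stand-in for a debugfs dentry; 'live' replaces real freeing so that a
 * stale access can be counted without undefined behaviour. */
struct model_dentry { int live; };
/* Hypothetical stand-in for the driver's per-device state. */
struct model_hba { struct model_dentry *debugfs_dir; };

static struct model_dentry pool[1];
static int stale_accesses;      /* times an already-removed entry was touched */

/* Like debugfs_remove_recursive(): a NULL argument is a no-op. */
static void model_remove_recursive(struct model_dentry *d)
{
    if (!d)
        return;
    if (!d->live) {             /* stale pointer: the kernel faults here */
        stale_accesses++;
        return;
    }
    d->live = 0;
}

/* Init that fails part-way (allocation failure) and cleans up. */
static void model_debugfs_init_fail(struct model_hba *hba, int fixed)
{
    pool[0].live = 1;
    hba->debugfs_dir = &pool[0];
    model_remove_recursive(hba->debugfs_dir);
    if (fixed)
        hba->debugfs_dir = NULL;    /* the fix described above */
}

/* Runs failed init followed by device removal; returns stale accesses. */
int run_lifecycle(int fixed)
{
    struct model_hba hba = { NULL };
    stale_accesses = 0;
    model_debugfs_init_fail(&hba, fixed);
    model_remove_recursive(hba.debugfs_dir);    /* removal path runs it again */
    return stale_accesses;
}

int main(void)
{
    printf("unfixed: %d stale access(es)\n", run_lifecycle(0));
    printf("fixed:   %d stale access(es)\n", run_lifecycle(1));
    return 0;
}
```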

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52808.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
47caad1577cd7a39e2048c5e4edbce4b863dc12b
Fixed
f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3
Fixed
33331b265aac9441ac0c1a5442e3f05d038240ec
Fixed
75a2656260fe8c7eeabda6ff4600b29e183f48db
Fixed
b4465009e7d60c6111946db4c8f1e50d401ed7be
Fixed
6de426f9276c448e2db7238911c97fb157cb23be

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52808.json"