CVE-2023-53176

When we unbind a serial port hardware specific 8250 driver, the generic serial8250 driver takes over the port. After that we see an oops about 10 seconds later. This can produce the following at least on some TI SoCs:

Unhandled fault: imprecise external abort (0x1406) Internal error: : 1406 [#1] SMP ARM

Turns out that we may still have the serial port hardware specific driver port->pm in use, and serial8250_pm() tries to call it after the port specific driver is gone:

serial8250pm [8250base] from uartchangepm+0x54/0x8c [serialbase] uartchangepm [serialbase] from uarthangup+0x154/0x198 [serialbase] uarthangup [serialbase] from __tty_hangup.part.0+0x328/0x37c __ttyhangup.part.0 from disassociatectty+0x154/0x20c disassociatectty from doexit+0x744/0xaac do_exit from dogroupexit+0x40/0x8c dogroupexit from __wakeupparent+0x0/0x1c

Let's fix the issue by calling serial8250setdefaults() in serial8250unregisterport(). This will set the port back to using the serial8250 default functions, and sets the port->pm to point to serial8250_pm.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53176.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c161afe9759ddcc174d08e7c4f683d08ac9ba86f

Fixed

490bf37eaabb0a857ed1ae8e75d8854e41662f1c

Fixed

c9e080c3005fd183c56ff8f4d75edb5da0765d2c

Fixed

d5cd2928d31042a7c0a01464f9a8d95be736421d

Fixed

2c86a1305c1406f45ea780d06953c484ea1d9e6e

Fixed

1ba5594739d858e524ff0f398ee1ebfe0a8b9d41

Fixed

af4d6dbb1a92ea424ad1ba1d0c88c7fa2345d872

Fixed

8e596aed5f2f98cf3e6e98d6fe1d689f4a319308

Fixed

04e82793f068d2f0ffe62fcea03d007a8cdc16a7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53176.json"