PT-2023-9487 · Linux+4 · Linux Kernel+4

Published: 2023-09-22 · Updated: 2026-03-14 · CVE-2023-52484

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

The vulnerability is a soft lockup triggered by the arm_smmu_mm_invalidate_range function in the Linux kernel's iommu/arm-smmu-v3 component. When running an SVA case, a soft lockup can occur, causing the CPU to become stuck for an extended period. The cause is that the function does not check the MAX_TLBI_OPS threshold, which leads to a potential denial-of-service condition. The problem remains even after the function was renamed to arm_smmu_mm_arch_invalidate_secondary_tlbs since 6.6-rc1. A similar lockup was fixed on the CPU MMU side by commit 06ff87bae8d3, but it can still occur on the SMMU side.
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2024-07841
CVE-2023-52484
OESA-2024-1394
OESA-2024-1395
OESA-2024-1396
OESA-2024-1397
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:0900-1
SUSE-SU-2024:0900-2
SUSE-SU-2024:0977-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os
Suse