CVE-2023-52785

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a racing condition between the ufshcd mcq abort() function and the Interrupt Service Routine (ISR) in the Linux kernel's UFS (Universal Flash Storage) component. When a command timeout occurs and the completion IRQ is raised simultaneously, ufshcd mcq abort() clears the lprb->cmd pointer, leading to a NULL pointer dereference in the ISR. This can cause a kernel crash, resulting in a denial of service. The error log indicates a device abort task at tag 18 and an inability to handle a kernel NULL pointer dereference at a specific virtual address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.