CVE-2023-52486

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises from a deadlock handling mistake in the Linux kernel, specifically in the drm mode page flip ioctl() function. When a deadlock occurs after the framebuffer lookup, the kernel proceeds to unref the framebuffer and then retries the process. However, it forgets to reset the framebuffer pointer back to NULL, leading to the possibility of unreferencing the same framebuffer multiple times without obtaining another reference. This can result in the framebuffer being freed while still in use. The problem is exacerbated when doing async flips on a DG2 with CONFIG DEBUG WW MUTEX SLOWPATH=y enabled. Symptoms include drm closefb() getting stuck in a busy loop while walking the framebuffer list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.