PT-2024-14599 · Linux+7 · Linux Kernel+7

Youngmin Nam

·

Published

2024-01-03

·

Updated

2025-09-29

·

CVE-2023-52498

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to possible deadlocks in the core system-wide PM code of the Linux kernel. In low-memory situations, the system-wide resume core code deadlocks because async schedule dev() executes its argument function synchronously if it cannot allocate memory, and this function attempts to acquire a mutex that is already held. Executing the argument function synchronously from within dpm async fn() may also be problematic for ordering reasons. The problem is addressed by changing the code to use async schedule dev nocall() for scheduling the asynchronous execution of device suspend and resume functions and to directly run them synchronously if async schedule dev nocall() returns false.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-3457
BDU:2025-04570
CVE-2023-52498
DLA-3842-1
DSA-5681-1
INFSA-2024_9315
OESA-2024-1498
OESA-2024-1499
OESA-2024-1500
OESA-2024-1501
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3483-1
USN-6765-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6795-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6828-1
USN-7159-1
USN-7159-2
USN-7159-3
USN-7159-4
USN-7159-5
USN-7195-1
USN-7195-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu