PT-2024-14655 · Linux+1 · Linux Kernel+1

Published: 2023-11-24 · Updated: 2024-10-31 · CVE-2023-52613

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.0-rc7+

Description

The Linux kernel has a vulnerability in the drivers/thermal/loongson2_thermal module. The driver checks the result of PTR_ERR() incorrectly: PTR_ERR() returns -ENODEV when thermal-zones are undefined, and the driver's check does not handle that value correctly. Because tz->type is NULL when thermal-zones are undefined, this leads to a NULL pointer dereference and a kernel paging request error.

The vulnerability can cause a kernel crash, as indicated by error messages including "CPU 1 Unable to handle kernel paging request" and "Oops[#1]". The issue involves the thermal_add_hwmon_sysfs function and the loongson2_thermal_probe function.
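
The comparison error described above, modelled in userspace C as an added example (not the driver's code and not part of the original advisory). The helper re-implementations, `register_zone`, `probe` and the sensor count are hypothetical, and the example assumes the misjudgment was a comparison of PTR_ERR() against positive `ENODEV`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

#define NUM_SENSORS 4 /* constructed value */

/* Hypothetical registration call: no thermal-zones are defined, so every
 * sensor id fails with -ENODEV encoded in the returned pointer. */
static void *register_zone(int id) { (void)id; return ERR_PTR(-ENODEV); }

/* Returns 0 if a zone was registered, a negative errno if probing failed
 * cleanly, or 1 if the loop ended still holding an error pointer that
 * later code would use as a valid zone (the crash condition). */
static int probe(long enodev_cmp)
{
    void *tzd = NULL;

    for (int i = 0; i < NUM_SENSORS; i++) {
        tzd = register_zone(i);
        if (!IS_ERR(tzd))
            break;
        if (PTR_ERR(tzd) != enodev_cmp)
            continue;             /* treated as "try the next sensor" */
        return (int)PTR_ERR(tzd); /* clean failure path */
    }
    return IS_ERR(tzd) ? 1 : 0;
}

int probe_buggy(void) { return probe(ENODEV); }  /* wrong sign, never matches */
int probe_fixed(void) { return probe(-ENODEV); } /* matches what PTR_ERR() returns */

int main(void)
{
    printf("buggy: %d\n", probe_buggy());
    printf("fixed: %d\n", probe_fixed());
    return 0;
}
```

In the buggy variant the clean failure path is unreachable, so the error pointer survives the loop; the model reports that state instead of dereferencing it.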

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the incorrect PTR_ERR() judgment in the drivers/thermal/loongson2_thermal module.
As a temporary workaround, consider disabling the loongson2_thermal module until a patch is available.
Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-14285
CVE-2023-52613

Affected Products

Linux Kernel
Red Os