CVE-2023-52635

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.149

Description The vulnerability is related to the devfreq driver in the Linux kernel. It occurs when the governor is frequently switched in a loop, resulting in timer list corruption. This corruption happens because timer cancel is done from two places: one from cancel delayed work sync() and the other from expire timers(). The issue can be resolved by synchronizing devfreq monitor [start/stop] using a polling flag and devfreq lock to prevent delayed work and timer instance corruption.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. If an update is not available, consider applying a patch that synchronizes devfreq monitor [start/stop] to prevent timer list corruption. As a temporary workaround, avoid frequently switching the governor in a loop to minimize the risk of exploitation.