CVE-2023-52749

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This occurs due to the following sequence of events:

spi sync() calls spi transfer message noqueue() which sets ctlr->cur msg.
Spi transfer begins via spi transfer one message().
The system is suspended, interrupting the transfer context.
The system is resumed.
spi controller resume() calls spi start queue() which resets cur msg to NULL.
The spi transfer context resumes and spi finalize current message() is called, which dereferences cur msg (now NULL). To resolve this issue, the kernel waits for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-362

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

AZL-54821

BDU:2025-10564

CVE-2023-52749

INFSA-2024_9315

RHSA-2024:10772

RHSA-2024:10773

RHSA-2024:9315

RHSA-2024:9546

RHSA-2024_9315

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Astra Linux

Debian

Linux Kernel

Red Hat

Red Os

Suse

CVE-2023-52749

Weakness Enumeration

Related Identifiers

Affected Products

References · 1934