CVE-2023-52993

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when the legacy timer interrupt (IRQ0) is resent in software, which happens in soft interrupt (tasklet) context, leading to a NULL pointer dereference in the periodic tick code. This happens because the legacy PIC interrupts are level triggered and should never be resent in software, but the IRQ LEVEL flag is not set on those interrupts. The problem is triggered by a spurious APIC interrupt on the IRQ0 vector, which is captured and leads to a resend when the legacy timer interrupt is enabled.

Recommendations To resolve the issue, ensure that IRQ LEVEL is set when the legacy PCI interrupts are set up. As a temporary workaround, consider disabling the legacy PIC interrupts until a patch is available. Restrict access to the periodic tick code to minimize the risk of exploitation. Avoid using the get irq regs() function in the affected context until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.