CVE-2023-53094

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition in the Linux kernel's serial driver, specifically in the fsl lpuart component, can lead to a NULL pointer dereference when the DMA completion interrupt occurs during DMA shutdown. This happens because the lpuart dma shutdown() function may delete the timer using del timer sync() before the DMA completion interrupt is handled, which can cause the lpuart copy rx to tty() function to access a NULL pointer. The issue is resolved by folding del timer sync() into lpuart dma rx free() after dmaengine terminate sync() to prevent the timer from being restarted.

Recommendations To fix this issue, update the Linux kernel to a version that includes the fix for the race condition in the fsl lpuart component. Specifically, the fix involves modifying the lpuart dma shutdown() function to ensure that the timer is not deleted until after the DMA completion interrupt has been handled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.