CVE-2023-53612

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The coretemp platform driver in the Linux kernel has a design flaw related to platform device handling. The driver's unconventional approach of dynamically creating and destroying platform devices can lead to a NULL dereference if drivers autoprobe is disabled for the platform bus. This also causes lock dependency issues for other drivers or subsystems registering CPU hotplug notifiers from a platform bus notifier, and can cause deadlocks during suspend. The issue is addressed by tying platform devices to the module's lifetime and directly managing hwmon interfaces from hotplug notifiers. This change removes the /sys/bus/platform/drivers/coretemp directory, while /sys/devices/platform/coretemp.n remains if package n is hotplugged off, but the behavior of hwmon interfaces remains unchanged.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.