{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52505", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.314Z", "datePublished": "2024-03-02T21:52:19.215Z", "dateUpdated": "2024-12-19T08:21:06.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:21:06.937Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/freescale/phy-fsl-lynx-28g.c"], "versions": [{"version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3", "lessThan": "6f901f8448c6b25ed843796b114471d2a3fc5dfb", "status": "affected", "versionType": "git"}, {"version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3", "lessThan": "c2d7c79898b427d263c64a4841987eec131f2d4e", "status": "affected", "versionType": "git"}, {"version": "8f73b37cf3fbda67ea1e579c3b5785da4e7aa2e3", "lessThan": "139ad1143151a07be93bf741d4ea7c89e59f89ce", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/phy/freescale/phy-fsl-lynx-28g.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"}, {"url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"}, {"url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"}], "title": "phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-11T15:02:00.830027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:17.026Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.376Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.376Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-11T15:02:00.830027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.700Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8f73b37cf3fb", "lessThan": "6f901f8448c6", "versionType": "git"}, {"status": "affected", "version": "8f73b37cf3fb", "lessThan": "c2d7c79898b4", "versionType": "git"}, {"status": "affected", "version": "8f73b37cf3fb", "lessThan": "139ad1143151", "versionType": "git"}], "programFiles": ["drivers/phy/freescale/phy-fsl-lynx-28g.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.18"}, {"status": "unaffected", "version": "0", "lessThan": "5.18", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.8", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/phy/freescale/phy-fsl-lynx-28g.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"}, {"url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"}, {"url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:10.352Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52505", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:10.352Z", "dateReserved": "2024-02-20T12:30:33.314Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:19.215Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37711FF-5863-43F3-897F-977ADE15F2D1", "versionEndExcluding": "6.1.59", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD4E15B4-2591-4A3A-B2A2-7FEAECD5027D", "versionEndExcluding": "6.5.8", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: phy: lynx-28g: serializa llamadas concurrentes phy_set_mode_ext() a registros compartidos La configuraci\u00f3n del convertidor de protocolo registra PCC8, PCCC, PCCD (implementado por el controlador), as\u00ed como otros, control convertidores de protocolo de m\u00faltiples carriles (cada uno representado como una estructura f\u00edsica diferente). Por lo tanto, si hay llamadas simult\u00e1neas a phy_set_mode_ext() a carriles que comparten el mismo registro PCC (ya sea para el protocolo \"antiguo\" o para el \"nuevo\"), es posible que se da\u00f1en los valores programados en el hardware, porque lynx_28g_rmw() no tiene cierre. Agregue un spinlock en la estructura lynx_28g_priv compartida por todos los carriles y tome el spinlock global de la implementaci\u00f3n phy_ops :: set_mode(). No hay otros llamantes que modifiquen los registros PCC."}], "id": "CVE-2023-52505", "lastModified": "2025-01-13T18:48:17.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:47.350", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/139ad1143151a07be93bf741d4ea7c89e59f89ce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6f901f8448c6b25ed843796b114471d2a3fc5dfb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c2d7c79898b427d263c64a4841987eec131f2d4e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers", "id": "2267778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267778"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-414", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the \"old\" or for the\n\"new\" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers."], "name": "CVE-2023-52505", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52505\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52505\nhttps://lore.kernel.org/linux-cve-announce/2024030249-CVE-2023-52505-8ac5@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.59, kernel 6.5.8, kernel 6.6"}