What is the severity of CVE-2023-52493?

CVE-2023-52493 has been rated as a medium-severity vulnerability in the Linux kernel.

How do I fix CVE-2023-52493?

To mitigate CVE-2023-52493, upgrade the Linux kernel to the fixed versions such as 5.10.223-1 or 6.1.123-1.

Which versions of the Linux kernel are affected by CVE-2023-52493?

CVE-2023-52493 affects Linux kernel versions between 5.7 and 5.10.210, 5.11 and 5.15.149, 5.16 and 6.1.76, 6.2 and 6.6.15, and 6.7 and 6.7.3.

What is the nature of the vulnerability in CVE-2023-52493?

CVE-2023-52493 involves a locking issue in the MHI (Mobile Hardware Interface) subsystem of the Linux kernel.

Is there a specific version to upgrade to if I'm running Linux kernel version 5.10.x?

If you are running Linux kernel version 5.10.x, you should upgrade to version 5.10.223-1 or later to address CVE-2023-52493.

Vulnerability/
CVE-2023-52493

medium

5.5

CWE

667

29/2/2024

19/12/2024

CVE-2023-52493: bus: mhi: host: Drop chan lock before queuing buffers

First published: Thu Feb 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable]

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=5.7<5.10.210
Linux Kernel	>=5.11<5.15.149
Linux Kernel	>=5.16<6.1.76
Linux Kernel	>=6.2<6.6.15
Linux Kernel	>=6.7<6.7.3
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-52493?
CVE-2023-52493 has been rated as a medium-severity vulnerability in the Linux kernel.
How do I fix CVE-2023-52493?
To mitigate CVE-2023-52493, upgrade the Linux kernel to the fixed versions such as 5.10.223-1 or 6.1.123-1.
Which versions of the Linux kernel are affected by CVE-2023-52493?
CVE-2023-52493 affects Linux kernel versions between 5.7 and 5.10.210, 5.11 and 5.15.149, 5.16 and 6.1.76, 6.2 and 6.6.15, and 6.7 and 6.7.3.
What is the nature of the vulnerability in CVE-2023-52493?
CVE-2023-52493 involves a locking issue in the MHI (Mobile Hardware Interface) subsystem of the Linux kernel.
Is there a specific version to upgrade to if I'm running Linux kernel version 5.10.x?
If you are running Linux kernel version 5.10.x, you should upgrade to version 5.10.223-1 or later to address CVE-2023-52493.

agent/title
agent/first-publish-date
agent/type
agent/author
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/remedy
agent/trending
agent/event
agent/source
agent/tags
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/debian
vendor/linux
canonical/linux kernel
version/linux kernel/5.7
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/6.2
version/linux kernel/6.7

Frequently Asked Questions

What is the severity of CVE-2023-52493?
CVE-2023-52493 has been rated as a medium-severity vulnerability in the Linux kernel.
How do I fix CVE-2023-52493?
To mitigate CVE-2023-52493, upgrade the Linux kernel to the fixed versions such as 5.10.223-1 or 6.1.123-1.
Which versions of the Linux kernel are affected by CVE-2023-52493?
CVE-2023-52493 affects Linux kernel versions between 5.7 and 5.10.210, 5.11 and 5.15.149, 5.16 and 6.1.76, 6.2 and 6.6.15, and 6.7 and 6.7.3.
What is the nature of the vulnerability in CVE-2023-52493?
CVE-2023-52493 involves a locking issue in the MHI (Mobile Hardware Interface) subsystem of the Linux kernel.
Is there a specific version to upgrade to if I'm running Linux kernel version 5.10.x?
If you are running Linux kernel version 5.10.x, you should upgrade to version 5.10.223-1 or later to address CVE-2023-52493.

CVE-2023-52493: bus: mhi: host: Drop chan lock before queuing buffers

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-52493?

How do I fix CVE-2023-52493?

Which versions of the Linux kernel are affected by CVE-2023-52493?

What is the nature of the vulnerability in CVE-2023-52493?

Is there a specific version to upgrade to if I'm running Linux kernel version 5.10.x?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2023-52493?

How do I fix CVE-2023-52493?

Which versions of the Linux kernel are affected by CVE-2023-52493?

What is the nature of the vulnerability in CVE-2023-52493?

Is there a specific version to upgrade to if I'm running Linux kernel version 5.10.x?