CVE-2023-31084: Deadlock in Linux

CWE-833 Deadlock
45 documents, 10 sources
Severity
5.5 MEDIUM (NVD)
OSV 7.8, OSV 6.8, OSV 6.5, OSV 4.4
EPSS
0.0%
top 99.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 24
Latest update: Feb 15

Description

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (11 packages)

Debian: linux/linux_kernel < 5.10.191-1 (+3)
Ubuntu: linux/linux_kernel < 5.4.0-162.179 (+3)
debian: debian/linux < linux 6.1.37-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 37, 38

🔴 Vulnerability Details (21)

OSV: linux-bluefield vulnerabilities (2023-09-26)
OSV: linux-intel-iotg vulnerabilities (2023-09-18)
OSV: linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi vulnerabilities (2023-09-11)
OSV: linux-ibm, linux-ibm-5.4 vulnerabilities (2023-09-11)
OSV: linux-azure, linux-azure-4.15 vulnerabilities (2023-09-08)

📋 Vendor Advisories (22)

CISA ICS: Siemens SCALANCE XCM-/XRM-300 (2024-02-15)
Ubuntu: Linux kernel (BlueField) vulnerabilities (2023-09-26)
Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2023-09-18)
Ubuntu: Linux kernel (IBM) vulnerabilities (2023-09-11)
Ubuntu: Linux kernel vulnerabilities (2023-09-11)

💬 Community (1)

Bugzilla: CVE-2023-31084 kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (2023-06-07)