{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54287", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:44.526Z", "datePublished": "2025-12-30T12:23:27.076Z", "dateUpdated": "2025-12-30T12:23:27.076Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:23:27.076Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: imx: disable Ageing Timer interrupt request irq\n\nThere maybe pending USR interrupt before requesting irq, however\nuart_add_one_port has not executed, so there will be kernel panic:\n[ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre\nss 0000000000000080\n[ 0.802701] Mem abort info:\n[ 0.805367] ESR = 0x0000000096000004\n[ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.814033] SET = 0, FnV = 0\n[ 0.816950] EA = 0, S1PTW = 0\n[ 0.819950] FSC = 0x04: level 0 translation fault\n[ 0.824617] Data abort info:\n[ 0.827367] ISV = 0, ISS = 0x00000004\n[ 0.831033] CM = 0, WnR = 0\n[ 0.833866] [0000000000000080] user address but active_mm is swapper\n[ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 0.845953] Modules linked in:\n[ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1\n[ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT)\n[ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0\n[ 0.872283] lr : imx_uart_int+0xf8/0x1ec\n\nThe issue only happends in the inmate linux when Jailhouse hypervisor\nenabled. The test procedure is:\nwhile true; do\n\tjailhouse enable imx8mp.cell\n\tjailhouse cell linux xxxx\n\tsleep 10\n\tjailhouse cell destroy 1\n\tjailhouse disable\n\tsleep 5\ndone\n\nAnd during the upper test, press keys to the 2nd linux console.\nWhen `jailhouse cell destroy 1`, the 2nd linux has no chance to put\nthe uart to a quiese state, so USR1/2 may has pending interrupts. Then\nwhen `jailhosue cell linux xx` to start 2nd linux again, the issue\ntrigger.\n\nIn order to disable irqs before requesting them, both UCR1 and UCR2 irqs\nshould be disabled, so here fix that, disable the Ageing Timer interrupt\nin UCR2 as UCR1 does."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60", "lessThan": "3d41d9b256ae626c0dc434427c8e32450358d3b4", "status": "affected", "versionType": "git"}, {"version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60", "lessThan": "9795ece3a85ba9238191e97665586e2d79703ff3", "status": "affected", "versionType": "git"}, {"version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60", "lessThan": "963875b0655197281775b0ea614aab8b6b3eb001", "status": "affected", "versionType": "git"}, {"version": "8a61f0c70ae65c6b70d13228c3120c73d7425a60", "lessThan": "ef25e16ea9674b713a68c3bda821556ce9901254", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/tty/serial/imx.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.99", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.15.99"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3d41d9b256ae626c0dc434427c8e32450358d3b4"}, {"url": "https://git.kernel.org/stable/c/9795ece3a85ba9238191e97665586e2d79703ff3"}, {"url": "https://git.kernel.org/stable/c/963875b0655197281775b0ea614aab8b6b3eb001"}, {"url": "https://git.kernel.org/stable/c/ef25e16ea9674b713a68c3bda821556ce9901254"}], "title": "tty: serial: imx: disable Ageing Timer interrupt request irq", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: imx: disable Ageing Timer interrupt request irq\n\nThere maybe pending USR interrupt before requesting irq, however\nuart_add_one_port has not executed, so there will be kernel panic:\n[ 0.795668] Unable to handle kernel NULL pointer dereference at virtual addre\nss 0000000000000080\n[ 0.802701] Mem abort info:\n[ 0.805367] ESR = 0x0000000096000004\n[ 0.808950] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 0.814033] SET = 0, FnV = 0\n[ 0.816950] EA = 0, S1PTW = 0\n[ 0.819950] FSC = 0x04: level 0 translation fault\n[ 0.824617] Data abort info:\n[ 0.827367] ISV = 0, ISS = 0x00000004\n[ 0.831033] CM = 0, WnR = 0\n[ 0.833866] [0000000000000080] user address but active_mm is swapper\n[ 0.839951] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 0.845953] Modules linked in:\n[ 0.848869] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.1+g56321e101aca #1\n[ 0.855617] Hardware name: Freescale i.MX8MP EVK (DT)\n[ 0.860452] pstate: 000000c5 (nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 0.867117] pc : __imx_uart_rxint.constprop.0+0x11c/0x2c0\n[ 0.872283] lr : imx_uart_int+0xf8/0x1ec\n\nThe issue only happends in the inmate linux when Jailhouse hypervisor\nenabled. The test procedure is:\nwhile true; do\n\tjailhouse enable imx8mp.cell\n\tjailhouse cell linux xxxx\n\tsleep 10\n\tjailhouse cell destroy 1\n\tjailhouse disable\n\tsleep 5\ndone\n\nAnd during the upper test, press keys to the 2nd linux console.\nWhen `jailhouse cell destroy 1`, the 2nd linux has no chance to put\nthe uart to a quiese state, so USR1/2 may has pending interrupts. Then\nwhen `jailhosue cell linux xx` to start 2nd linux again, the issue\ntrigger.\n\nIn order to disable irqs before requesting them, both UCR1 and UCR2 irqs\nshould be disabled, so here fix that, disable the Ageing Timer interrupt\nin UCR2 as UCR1 does."}], "id": "CVE-2023-54287", "lastModified": "2025-12-30T13:16:17.730", "metrics": {}, "published": "2025-12-30T13:16:17.730", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d41d9b256ae626c0dc434427c8e32450358d3b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/963875b0655197281775b0ea614aab8b6b3eb001"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9795ece3a85ba9238191e97665586e2d79703ff3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ef25e16ea9674b713a68c3bda821556ce9901254"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}