{"id":"CVE-2023-52492","summary":"dmaengine: fix NULL pointer in channel unregistration function","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan-\u003elocal is freed (with free_percpu()), and chan-\u003elocal is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[    1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[    1.484499] Call trace:\n[    1.486930]  device_del+0x40/0x394\n[    1.490314]  device_unregister+0x20/0x7c\n[    1.494220]  __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan-\u003elocal is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function.","modified":"2026-04-11T12:46:31.530798Z","published":"2024-02-29T15:52:10.499Z","related":["ALSA-2024:8856","ALSA-2024:8870","SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1465-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:2135-1","USN-6818-2","USN-6819-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52492.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52492.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52492"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d2fb0a0438384fee08a418025f743913020033ce"},{"fixed":"9de69732dde4e443c1c7f89acbbed2c45a6a8e17"},{"fixed":"047fce470412ab64cb7345f9ff5d06919078ad79"},{"fixed":"2ab32986a0b9e329eb7f8f04dd57cc127f797c08"},{"fixed":"7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"},{"fixed":"9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"},{"fixed":"f5c24d94512f1b288262beda4d3dcb9629222fc7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52492.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.6.0"},{"fixed":"5.10.210"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.149"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.76"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.15"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.7.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52492.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}