{"id":"CVE-2023-53094","summary":"tty: serial: fsl_lpuart: fix race on RX DMA shutdown","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: fsl_lpuart: fix race on RX DMA shutdown\n\nFrom time to time DMA completion can come in the middle of DMA shutdown:\n\n\u003cprocess ctx\u003e:\t\t\t\t\u003cIRQ\u003e:\nlpuart32_shutdown()\n  lpuart_dma_shutdown()\n    del_timer_sync()\n\t\t\t\t\tlpuart_dma_rx_complete()\n\t\t\t\t\t  lpuart_copy_rx_to_tty()\n\t\t\t\t\t    mod_timer()\n    lpuart_dma_rx_free()\n\nWhen the timer fires a bit later, sport-\u003edma_rx_desc is NULL:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000004\npc : lpuart_copy_rx_to_tty+0xcc/0x5bc\nlr : lpuart_timer_func+0x1c/0x2c\nCall trace:\n lpuart_copy_rx_to_tty\n lpuart_timer_func\n call_timer_fn\n __run_timers.part.0\n run_timer_softirq\n __do_softirq\n __irq_exit_rcu\n irq_exit\n handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n ...\n\nTo fix this fold del_timer_sync() into lpuart_dma_rx_free() after\ndmaengine_terminate_sync() to make sure timer will not be re-started in\nlpuart_copy_rx_to_tty() \u003c= lpuart_dma_rx_complete().","modified":"2026-03-20T12:32:57.540294Z","published":"2025-05-02T15:55:39.045Z","related":["SUSE-SU-2025:01983-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53094.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/19a98d56dfedafb25652bdb9cd48a4e73ceba702"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1be6f2b15f902c02e055ae0b419ca789200473c9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2a36b444cace9580380467fd1183bb5e85bcc80a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/90530e7214c8a04dcdde57502d93fa96af288c38"},{"type":"WEB","url":"https://git.kernel.org/stable/c/954fc9931f0aabf272b5674cf468affdd88d3a36"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53094.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53094"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4a8588a1cf867333187d9ff071e6fbdab587d194"},{"fixed":"19a98d56dfedafb25652bdb9cd48a4e73ceba702"},{"fixed":"90530e7214c8a04dcdde57502d93fa96af288c38"},{"fixed":"954fc9931f0aabf272b5674cf468affdd88d3a36"},{"fixed":"2a36b444cace9580380467fd1183bb5e85bcc80a"},{"fixed":"1be6f2b15f902c02e055ae0b419ca789200473c9"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"5716a781032693d0f812ed06528d98195e9df028"},{"last_affected":"0d5cb6e8b4b62d8efd1a470615894276341d6db9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53094.json"}}],"schema_version":"1.7.5"}