CVE-2023-31082: 
Linux Kernel vulnerability analysis and mitigation

An issue was discovered in drivers/tty/ngsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmldwrite, which will block the kernel. This vulnerability has been disputed by third parties as not being a valid security issue. The vulnerability was assigned CVE-2023-31082 and was initially reported in April 2023 (NVD).

The vulnerability involves a sleeping function being called from an invalid context in the gsmldwrite function within the Linux kernel's GSM line discipline implementation. The issue occurs when ngsm is assigned to a console, which triggers a BUG warning due to sleeping in an atomic context. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, NetApp Advisory).

When exploited, this vulnerability could lead to a kernel block condition, potentially resulting in a Denial of Service (DoS). However, the actual impact is limited as the operation requires root privileges and involves an invalid setup that wouldn't be used in normal operations (SUSE Bugzilla).

No official fix has been released as the issue has been disputed. Security researchers have noted that this is not a genuine security vulnerability since assigning ngsm to a console is an unsupported operation that requires root privileges. The recommended approach is to avoid assigning ngsm to console devices, as this is not a supported configuration (SUSE Bugzilla).

The vulnerability has been met with skepticism from the security community. Kernel developers have disputed its validity as a security issue, with Jiri Slaby stating that 'This is a non-issue and does not warrant a CVE at all. Assigning ngsm to a console equals shooting to a foot.' The issue has been recommended for dispute in the CVE system ([SUSE Bugzilla](https://bugzilla.suse.com/showbug.cgi?id=1210781)).