CVE-2023-52488: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52488 is a cache corruption vulnerability discovered in the Linux kernel, affecting versions from 3.16 up to 6.7.3. The vulnerability specifically impacts the regmap cache functionality in the SC16IS7XX serial driver, where the FIFO Read/Write (R/W) functions regmaprawread() and regmaprawwrite() could lead to cache corruption during burst mode operations (NVD, Red Hat).

The vulnerability stems from the SC16IS7XX IC's burst mode functionality for FIFO access. In this mode, the initial register address ($00) is sent once, followed by FIFO data without resending the register address. The regmaprawread() and regmaprawwrite() functions, which perform IO operations over multiple registers, assume register address incrementation for multi-byte operations, leading to potential cache corruption if not manually disabled. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can result in cache corruption in the Linux kernel's regmap subsystem when using the SC16IS7XX serial driver. This primarily affects system availability, with no direct impact on confidentiality or integrity, as indicated by the CVSS metrics (Red Hat).

The vulnerability has been fixed by converting FIFO R/W functions to use regmap noinc versions instead of raw versions, removing the need for manual cache control. The fix ensures FIFO registers are properly declared as volatile so the cache will not be used/updated for FIFO accesses. The patch has been integrated into various kernel versions (Kernel Patch).