CVE-2023-52492
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2023-52492 is a vulnerability in the Linux kernel's DMA engine subsystem, discovered in December 2023. It is a NULL pointer dereference in the channel unregistration function that can occur when dma_async_device_unregister() is called, either through the managed API or intentionally by a DMA controller driver (Kernel Git).

Technical details

The vulnerability stems from the failure path of __dma_async_device_channel_register(): when registration fails, chan->local is freed with free_percpu() and then set to NULL. dma_async_device_unregister() unregisters channels unconditionally, so a channel whose registration failed leads to a NULL pointer dereference at virtual address 00000000000000d0. The call trace runs through device_del+0x40/0x394, device_unregister+0x20/0x7c, and __dma_async_device_channel_unregister+0x68/0xc0 (Kernel Git).

Impact

The vulnerability can result in a kernel NULL pointer dereference, which leads to a system crash (denial of service) when attempting to unregister DMA channels under specific conditions (Ubuntu Security).

Mitigation and workarounds

The issue has been fixed by adding a check at the beginning of __dma_async_device_channel_unregister() that verifies whether chan->local is NULL before proceeding with unregistration. The fix has been shipped in various Linux distributions, including Ubuntu 23.10 (version 6.5.0-41.41) and Ubuntu 22.04 LTS (version 5.15.0-106.116) (Ubuntu Security).
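The failure path and the early-return check described above, as a user-space C model added here; it is not kernel code and not taken from the kernel patch. struct model_chan, its dev field and the model_* functions are hypothetical stand-ins, and the model assumes the channel's device object is unset when registration fails.

```c
#include <stdlib.h>
#define NCHAN 3

/* User-space model; struct and function names are hypothetical stand-ins. */
struct model_chan {
    int *local; /* models chan->local */
    int *dev;   /* models the channel's device object (assumed unset on failure) */
};

/* Registration that can fail: on failure, local is freed and set to NULL. */
static int model_channel_register(struct model_chan *c, int fail)
{
    c->dev = NULL;
    c->local = calloc(1, sizeof(*c->local));
    if (!c->local)
        return -1;
    if (!fail)
        c->dev = calloc(1, sizeof(*c->dev));
    if (!c->dev) {
        free(c->local);
        c->local = NULL;
        return -1;
    }
    return 0;
}

/* Unregistration with the fix applied: return early when local is NULL. */
static int model_channel_unregister(struct model_chan *c)
{
    if (!c->local)
        return 0;   /* never registered, nothing to undo */
    *c->dev = 0;    /* dereference that is only safe after the check above */
    free(c->dev);
    free(c->local);
    c->local = NULL;
    return 1;
}

/* Registers NCHAN channels (failing fail_idx, -1 for none), then unregisters all. */
static int model_run(int fail_idx)
{
    struct model_chan chans[NCHAN];
    int i, torn_down = 0;
    for (i = 0; i < NCHAN; i++)
        model_channel_register(&chans[i], i == fail_idx);
    for (i = 0; i < NCHAN; i++)
        torn_down += model_channel_unregister(&chans[i]);
    return torn_down;
}
int main(void) { return model_run(1) == NCHAN - 1 ? 0 : 1; }
```

Without the check on local, the unconditional teardown loop would reach the dereference for the channel whose registration failed.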

This report was generated using AI.