CVE-2023-52516: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52516 affects the Linux kernel's DMA debugging functionality. The vulnerability was discovered in the way _dmaentryalloccheckleak() function is called under freeentries_lock spin lock, which creates a potential deadlock condition. The issue affects Linux kernel versions up to 5.10.198, from 5.11 to 5.15.134, from 5.16 to 6.1.56, and from 6.2 to 6.5.6 (NVD).

The vulnerability stems from a locking dependency chain issue where _dmaentryalloccheckleak() calls into printk -> serial console output (qcom geni) and acquires port->lock while holding freeentrieslock spin lock. This creates a reverse locking dependency chain as the qcomgeni IRQ handler can call into dma-debug code and grab freeentrieslock under port->lock. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a deadlock condition in the Linux kernel when using DMA debugging features with serial consoles that use DMA. This could potentially cause system hangs or denial of service conditions (Kernel Patch).

The issue has been fixed by moving the _dmaentryalloccheckleak() call out of the freeentries_lock scope to prevent acquiring the serial console's port->lock under it. The fix is available in the kernel patch fb5a4315591dae307a65fc246ca80b5159d296e1 (Kernel Patch).