Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-54079
CVE-2023-54079:
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx: Fix poll_interval handling and races on remove
Before this patch bq27xxx_battery_teardown() was setting poll_interval = 0 to avoid bq27xxx_battery_update() requeuing the delayed_work item.
There are 2 problems with this:
If the driver is unbound through sysfs, rather then the module being rmmod-ed, this changes poll_interval unexpectedly
This is racy, after it being set poll_interval could be changed before bq27xxx_battery_update() checks it through /sys/module/bq27xxx_battery/parameters/poll_interval
Fix this by added a removed attribute to struct bq27xxx_device_info and using that instead of setting poll_interval to 0.
There also is another poll_interval related race on remove(), writing /sys/module/bq27xxx_battery/parameters/poll_interval will requeue the delayed_work item for all devices on the bq27xxx_battery_devices list and the device being removed was only removed from that list after cancelling the delayed_work item.
Fix this by moving the removal from the bq27xxx_battery_devices list to before cancelling the delayed_work item.
Source: NVD
Related Linux Debian vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management