CVE-2023-52564: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"

This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239.

The commit above is reverted as it did not solve the original issue.

gsm_cleanup_mux() tries to free up the virtual ttys by calling gsm_dlci_release() for each available DLCI. There, dlci_put() is called to decrease the reference counter for the DLCI via tty_port_put() which finally calls gsm_dlci_free(). This already clears the pointer which is being checked in gsm_cleanup_mux() before calling gsm_dlci_release(). Therefore, it is not necessary to clear this pointer in gsm_cleanup_mux() as done in the reverted commit.

The commit introduces a null pointer dereference:

    <TASK>
    ? __die+0x1f/0x70
    ? page_fault_oops+0x156/0x420
    ? search_exception_tables+0x37/0x50
    ? fixup_exception+0x21/0x310
    ? exc_page_fault+0x69/0x150
    ? asm_exc_page_fault+0x26/0x30
    ? tty_port_put+0x19/0xa0
    gsmtty_cleanup+0x29/0x80 [n_gsm]
    release_one_tty+0x37/0xe0
    process_one_work+0x1e6/0x3e0
    worker_thread+0x4c/0x3d0
    ? __pfx_worker_thread+0x10/0x10
    kthread+0xe1/0x110
    ? __pfx_kthread+0x10/0x10
    ret_from_fork+0x2f/0x50
    ? __pfx_kthread+0x10/0x10
    ret_from_fork_asm+0x1b/0x30
    </TASK>

The actual issue is that nothing guards dlci_put() from being called multiple times while the tty driver was triggered but did not yet finish calling gsm_dlci_free().
AI Analysis
Technical Summary
CVE-2023-52564 is a vulnerability in the Linux kernel's GSM tty driver subsystem, specifically related to the handling of virtual TTY devices managed by the n_gsm driver. The issue stems from improper management of reference counting and pointer clearing in the gsm_cleanup_mux() function. The vulnerability originated from a reverted commit that attempted to fix a use-after-free (UAF) condition but instead introduced a null pointer dereference. The root cause is that the function dlci_put(), which decreases the reference count of a DLCI (Data Link Connection Identifier) and eventually frees associated resources via gsm_dlci_free(), can be called multiple times concurrently without proper guarding. This leads to a race condition where the pointer may be cleared prematurely, causing null pointer dereferences and potential kernel crashes (denial of service). The stack trace provided shows the fault occurring during tty port cleanup operations, indicating that the issue manifests during device teardown or resource release. Although the vulnerability does not appear to have known exploits in the wild, the underlying problem affects the stability and reliability of the Linux kernel's GSM tty driver, which is used in embedded systems and telecommunications equipment that rely on GSM modems or virtual serial interfaces. The affected versions are identified by specific git commit hashes, indicating this is a recent regression introduced and then reverted in the Linux kernel source tree. No CVSS score has been assigned yet, and no patches are explicitly linked, but the vulnerability is publicly disclosed and documented by the Linux project and CISA.
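A simplified user-space model of the reference-count hazard described above, added here as an illustration; it is not kernel code and not the upstream fix. The struct layout, the `dead` guard flag, and the names release_unguarded, release_guarded and run_teardown are assumptions made for the example.

```c
#include <stdio.h>

#define NUM_DLCI 4
struct dlci {
    int refs;   /* stands in for the tty_port reference count */
    int dead;   /* hypothetical guard flag, not a kernel field */
    int freed;  /* set instead of calling free() so the model stays defined */
    int addr;
    struct mux *mux;
};
struct mux { struct dlci *dlci[NUM_DLCI]; int bad_puts; };

/* Destructor: like gsm_dlci_free() in the description, it clears the mux slot. */
static void dlci_free(struct dlci *d) { d->mux->dlci[d->addr] = NULL; d->freed = 1; }

static void dlci_put(struct dlci *d) {
    if (d->freed) { d->mux->bad_puts++; return; }  /* would be a use-after-free */
    if (--d->refs == 0) dlci_free(d);
}

/* Unguarded: every call drops a reference, even one the mux no longer owns. */
static void release_unguarded(struct dlci *d) { dlci_put(d); }

/* Guarded: the mux's single reference is dropped at most once. */
static void release_guarded(struct dlci *d) {
    if (!d->dead) { d->dead = 1; dlci_put(d); }
}

/* Like gsm_cleanup_mux(): only checks the slot, never clears it itself. */
static void cleanup_mux(struct mux *m, void (*release)(struct dlci *)) {
    for (int i = 0; i < NUM_DLCI; i++)
        if (m->dlci[i]) release(m->dlci[i]);
}

/* Returns the number of puts that hit an already-freed DLCI. */
static int run_teardown(void (*release)(struct dlci *)) {
    struct mux m = {0};
    struct dlci d = { .refs = 2, .addr = 1, .mux = &m }; /* mux ref + open tty ref */
    m.dlci[1] = &d;
    cleanup_mux(&m, release);  /* first teardown; tty still holds its reference */
    cleanup_mux(&m, release);  /* second teardown before the free has run */
    dlci_put(&d);              /* tty side finally drops its reference */
    return m.bad_puts;
}

int main(void) {
    printf("bad puts: unguarded=%d guarded=%d\n", run_teardown(release_unguarded), run_teardown(release_guarded));
    return 0;
}
```

In the unguarded run the second teardown consumes the reference that belongs to the open tty, so the tty's own put lands on a freed object; the slot in the mux is cleared by the destructor in both runs, which is why clearing it again in the cleanup path adds nothing.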
Potential Impact
For European organizations, the impact of CVE-2023-52564 depends largely on their use of Linux-based systems that incorporate GSM modem support via the n_gsm driver. Telecommunications providers, embedded device manufacturers, and industrial control systems that rely on GSM virtual TTY interfaces could experience kernel crashes leading to denial of service, potentially disrupting critical communications or operational technology. This could affect network equipment stability, IoT gateways, or other infrastructure components that use Linux kernels with the affected commits. While the vulnerability does not directly enable privilege escalation or remote code execution, the resulting kernel panic or system crash could cause service outages or require system reboots, impacting availability. In sectors such as telecommunications, manufacturing, or critical infrastructure in Europe, such disruptions could have cascading effects on service delivery and operational continuity. Given the lack of known exploits, the immediate risk is moderate, but the vulnerability should be addressed promptly to prevent accidental or targeted triggering.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel versions to those that have reverted the problematic commit or otherwise patched the issue once official fixes are released. Specifically, kernel maintainers and system administrators should monitor Linux kernel mailing lists and security advisories for patches addressing the n_gsm driver cleanup logic. In the interim, organizations using affected kernels should audit their use of GSM virtual TTY devices and consider disabling or isolating these interfaces if not critical to operations. For embedded or telecom devices, firmware updates incorporating fixed kernel versions should be deployed. Additionally, implementing kernel crash monitoring and automated recovery mechanisms can reduce downtime caused by potential exploitation of this vulnerability. Organizations should also conduct thorough testing of updated kernels in their environments to ensure stability and compatibility. Finally, maintaining strict access controls to systems with GSM interfaces can reduce the risk of malicious triggering of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-03-02T21:55:42.567Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdd7ef
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 1:26:09 AM
Last updated: 7/31/2025, 10:48:47 PM