
CVE-2023-52613: Vulnerability in Linux Linux

Medium
Published: Mon Mar 18 2024 (03/18/2024, 10:07:47 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment

PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison.

Otherwise, tz->type is NULL when thermal-zones is undefined, resulting in the following error:

[ 12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8
[ 12.302877] Oops[#1]:
[ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385
[ 12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10
[ 12.320739] a0 0000000000000000 a1 fffffffffffffff1 a2 0000000000000014 a3 0000000000000001
[ 12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c
[ 12.337606] t0 fffffffffffffff1 t1 54567fd5da9b4fd4 t2 900000010614ec40 t3 00000000000dc901
[ 12.346041] t4 0000000000000000 t5 0000000000000004 t6 900000010614ee20 t7 900000000d00b790
[ 12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40
[ 12.362916] s1 90000000039fced0 s2 ffffffffffffffed s3 ffffffffffffffed s4 9000000003acc000
[ 12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8
[ 12.362938] ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300
[ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160
[ 12.391626] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
[ 12.397898] PRMD: 00000004 (PPLV0 +PIE -PWE)
[ 12.403678] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)
[ 12.409859] ECFG: 00071c1c (LIE=2-4,10-12 VS=7)
[ 12.415882] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)
[ 12.415907] BADV: fffffffffffffff1
[ 12.415911] PRID: 0014a000 (Loongson-64bit, Loongson-2K1000)
[ 12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc
[ 12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3)
[ 12.415961] Stack : 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358
[ 12.415982] ffffffffffffffed 0000000000000004 9000000107a10aa8 90000001002a3410
[ 12.415999] ffffffffffffffed ffffffffffffffed 9000000107a11268 9000000003157ab0
[ 12.416016] 9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed
[ 12.416032] 0000000000000024 ffffff80020cc1e8 900000000402b2a0 9000000003acc000
[ 12.416048] 90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410
[ 12.416065] 0000000000000000 9000000002df6808 90000001002a3410 0000000000000000
[ 12.416081] ffffff80020f4030 0000000000000000 90000001002a3410 9000000002df2ba8
[ 12.416097] 00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002
[ 12.416114] ffffff80020f4030 fffffffffffffff0 90000001002a3410 9000000002df2f30
[ 12.416131] ...
[ 12.416138] Call Trace:
[ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160
[ 12.416167] [<90000000031579b8>] thermal_add_hwmon_sysfs+0x258/0x300
[ 12.416183] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0
[ 12.416200] [<ffffff80020cc1e8>] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal]
[ 12.416232] [<9000000002df6808>] platform_probe+0x68/0x140
[ 12.416249] [<9000000002df2ba8>] really_probe+0xc8/0x3c0
[ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180
[ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160
[ 12.416302] [<9000000002df33a8>] __driver_attach+0xa8/0x200
[ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120
[ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0
[ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160
[ 12.416358] [<90000000022201a4>] do_one_initcall+0x84/0x220
[ 12.416372] [<90000000022f3ab8>] do_init_module+0x58/0x2c0
[ ---truncated---

AI-Powered Analysis

Last updated: 07/01/2025, 10:57:33 UTC

Technical Analysis

CVE-2023-52613 is a medium-severity vulnerability identified in the Linux kernel, specifically within the thermal driver for Loongson2 processors (drivers/thermal/loongson2_thermal). The issue arises from an incorrect use of the PTR_ERR() macro, which is used to interpret error pointers returned by kernel functions. PTR_ERR() returns -ENODEV when thermal zones are undefined, which is the correct value for comparison in this context. However, the vulnerability stems from improper handling of this return value, leading to a NULL pointer dereference when tz->type is accessed while thermal zones are undefined. This results in a kernel oops (crash) due to an invalid memory access, as demonstrated by the provided kernel panic logs. The crash occurs during the initialization of the thermal hardware monitoring sysfs interface, specifically in the thermal_add_hwmon_sysfs function.

The vulnerability requires local privileges (PR:L) and does not require user interaction (UI:N). The attack vector is local (AV:L), meaning an attacker must have some level of access to the system to trigger the flaw. The impact is limited to availability (A:H), causing a denial-of-service (DoS) condition by crashing the kernel, but it does not affect confidentiality or integrity. The flaw is patched in recent Linux kernel versions, and the CVSS score is 5.5 (medium severity). No known exploits are reported in the wild at this time.

This vulnerability is specific to systems running the Loongson2 thermal driver, which is relevant for hardware platforms using Loongson processors, a MIPS-compatible CPU architecture primarily used in some Chinese and niche computing environments. The issue does not affect other Linux kernel thermal drivers or architectures.
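The PTR_ERR() comparison at the heart of this analysis can be reproduced in user space. The following is an added illustration, not the driver's code or the upstream patch; it never dereferences the bad pointer. Assumptions: the loop shape, the `struct zone` layout, `MAX_SENSORS`, `register_zone()`, `probe()` and `type_addr()` are hypothetical, and the faulty check is assumed to have compared against positive ENODEV.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of the kernel's error-pointer helpers (linux/err.h). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical stand-in for the thermal zone; the layout is an assumption. */
struct zone { int id; char type[20]; };
#define MAX_SENSORS 4 /* hypothetical */

/* Constructed stub: thermal-zones undefined, so registration always fails. */
static struct zone *register_zone(int sensor) { (void)sensor; return ERR_PTR(-ENODEV); }

/* Assumed probe loop; 'stop_on' is the value PTR_ERR() is compared with.
 * Returns a negative errno when probe bails out, or 0 when it would go on
 * to use *out (only safe if *out is a real pointer). */
long probe(long stop_on, struct zone **out)
{
    struct zone *tz = NULL;
    for (int i = 0; i < MAX_SENSORS; i++) {
        tz = register_zone(i);
        if (!IS_ERR(tz))
            break;
        if (PTR_ERR(tz) != stop_on)
            continue;           /* "some other error": try the next sensor */
        return PTR_ERR(tz);     /* no zones defined: fail the probe */
    }
    *out = tz;
    return 0;
}

/* Address a read of tz->type would touch, computed without dereferencing. */
uintptr_t type_addr(const struct zone *tz) { return (uintptr_t)tz + offsetof(struct zone, type); }

int main(void)
{
    struct zone *tz = NULL;
    long rc = probe(ENODEV, &tz);   /* wrong sign: the failure exit is never taken */
    printf("ENODEV : rc=%ld IS_ERR=%d tz->type at %#lx\n",
           rc, IS_ERR(tz), (unsigned long)type_addr(tz));
    tz = NULL;
    rc = probe(-ENODEV, &tz);       /* correct sign: probe fails cleanly */
    printf("-ENODEV: rc=%ld tz=%p\n", rc, (void *)tz);
    return 0;
}
```

With the wrong sign the loop falls through holding ERR_PTR(-ENODEV), which is 0x...ffed on a 64-bit system, the value visible in registers s2 and s3 of the log. Adding the assumed offset of `type` gives 0x...fff1, the BADV address in the oops.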

Potential Impact

For European organizations, the primary impact of CVE-2023-52613 is a potential denial-of-service condition on Linux systems running on Loongson2 hardware platforms. While Loongson processors are not widely deployed in mainstream European IT infrastructure, certain research institutions, specialized computing environments, or organizations with niche hardware deployments might be affected. The vulnerability could cause system instability or crashes, disrupting critical services or operations relying on affected Linux kernel versions. Since the flaw requires local access and privileges, the risk of remote exploitation is low, but insider threats or compromised accounts could trigger the kernel panic. The impact on confidentiality and integrity is negligible; however, availability disruptions could affect operational continuity, especially in environments where Loongson-based systems are used for embedded or industrial applications. European organizations with supply chains or partnerships involving Chinese hardware vendors might also face indirect risks if such devices are integrated into their networks without proper patching. Overall, the threat is moderate and primarily concerns system stability rather than data breaches or privilege escalation.

Mitigation Recommendations

1. Apply Kernel Updates: Ensure that all Linux systems, especially those running on Loongson2 hardware, are updated to the latest kernel versions where this vulnerability is patched. Monitor Linux kernel mailing lists and vendor advisories for patches related to CVE-2023-52613.
2. Limit Local Access: Restrict local user privileges to trusted personnel only. Implement strict access controls and monitoring to prevent unauthorized users from triggering the vulnerability.
3. Hardware Inventory and Segmentation: Identify and inventory all systems using Loongson2 processors within the organization. Segment these systems from critical network segments to limit potential impact.
4. Monitoring and Logging: Enable detailed kernel and system logging to detect unusual crashes or kernel oops events that may indicate exploitation attempts.
5. Incident Response Preparedness: Develop and test incident response plans for handling kernel crashes and system availability issues, including rapid patch deployment and system recovery procedures.
6. Vendor Coordination: For organizations using third-party hardware or embedded systems with Loongson processors, coordinate with vendors to ensure timely firmware and kernel updates are applied.
7. Avoid Unnecessary Use: Where possible, avoid deploying Loongson2-based systems in critical infrastructure until the vulnerability is fully mitigated and stable kernel versions are confirmed.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-03-06T09:52:12.089Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9831c4522896dcbe7df2

Added to database: 5/21/2025, 9:09:05 AM

Last enriched: 7/1/2025, 10:57:33 AM

Last updated: 8/10/2025, 10:58:10 PM
