CVE-2023-52627 is a medium-severity vulnerability identified in the Linux kernel's Industrial I/O (IIO) subsystem, specifically affecting the ad7091r driver family that supports AD7091R-series Analog-to-Digital Converter (ADC) devices. These devices include variants such as ad7091r-5, ad7091r-2, ad7091r-4, and ad7091r-8. The vulnerability arises because the driver previously declared IIO events to notify user space applications when ADC readings crossed configured threshold limits (low or high), but lacked the necessary callback functions to properly configure these events and their thresholds. Attempting to configure these events without the callbacks resulted in a null pointer dereference in the kernel, causing a kernel crash (denial of service). The fix involved implementing the missing event configuration callbacks to allow safe reading, writing, enabling, and disabling of event thresholds. Additionally, event specification structures were moved from the ad7091r-5 specific driver to the base driver to facilitate reuse for other device variants. The vulnerability requires local privileges with low authentication complexity and no user interaction, and it impacts availability by causing kernel crashes. The CVSS v3.1 score is 5.5 (medium), reflecting the limited scope and impact confined to local users with some privileges. No known exploits are reported in the wild as of the publication date (March 26, 2024).

For European organizations, the impact of CVE-2023-52627 is primarily related to system availability and stability in environments using Linux systems with AD7091R-series ADC hardware. Such ADC devices are typically embedded in industrial control systems, IoT devices, and specialized measurement equipment. Organizations in sectors like manufacturing, energy, automotive, and critical infrastructure that deploy Linux-based embedded systems with these ADCs could experience kernel crashes leading to denial of service, potentially disrupting operational technology (OT) processes or data acquisition workflows. While the vulnerability does not compromise confidentiality or integrity, repeated crashes could cause downtime, data loss, or require system reboots, impacting operational continuity. Since exploitation requires local access with some privileges, the threat is more relevant in environments where multiple users have shell or administrative access or where attackers have already gained limited footholds. European organizations with stringent uptime requirements and those operating critical infrastructure should prioritize patching to avoid service interruptions.

1. Apply the official Linux kernel patches that implement the missing event configuration callbacks for the ad7091r driver family as soon as they are available in your distribution or kernel version. 2. For embedded or industrial systems, coordinate with hardware and software vendors to ensure updated firmware or kernel versions are deployed. 3. Restrict local user privileges to minimize the number of users who can configure IIO events or access the affected ADC devices. 4. Monitor system logs for kernel oops or crashes related to the ad7091r driver to detect potential exploitation attempts or misconfigurations. 5. Implement strict access controls and network segmentation to limit local access to critical Linux systems running these drivers. 6. For systems where patching is delayed, consider disabling event configuration features for the ad7091r devices if feasible, to prevent triggering the null pointer dereference. 7. Maintain up-to-date backups and recovery procedures to minimize downtime in case of denial-of-service incidents.