CVE-2023-52860: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process

When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregistered, leading to fireworks when we try to execute empty function callbacks within the driver:

  | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
  | CPU: 0 PID: 15 Comm: cpuhp/0 Tainted: G W O 5.12.0-rc4+ #1
  | Hardware name: , BIOS KpxxxFPGA 1P B600 V143 04/22/2021
  | pstate: 80400009 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
  | pc : perf_pmu_migrate_context+0x98/0x38c
  | lr : perf_pmu_migrate_context+0x94/0x38c
  |
  | Call trace:
  | perf_pmu_migrate_context+0x98/0x38c
  | hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu]

Use cpuhp_state_remove_instance_nocalls() instead of cpuhp_state_remove_instance() so that the notifiers don't execute after the PMU device has been unregistered.

[will: Rewrote commit message]
AI Analysis
Technical Summary
CVE-2023-52860 is a vulnerability in the Linux kernel's 'hisi_hns3' Performance Monitoring Unit (PMU) driver. The issue arises during teardown of the hisi_hns3 PMU device, where CPU hotplug callbacks are executed after the device has already been unregistered. This improper sequence leads to attempts to execute empty function callbacks within the driver, resulting in a NULL pointer dereference in kernel space. The crash manifests as an inability to handle a NULL pointer dereference at virtual address 0x0, causing a system panic or kernel oops.

The root cause is the use of cpuhp_state_remove_instance(), which invokes notifier callbacks even after device unregistration, instead of the safer cpuhp_state_remove_instance_nocalls(), which removes the instance without triggering callbacks. This vulnerability can cause system instability or denial of service (DoS) due to kernel crashes when CPUs are hotplugged or taken offline in systems using the affected driver.

The vulnerability affects Linux kernel versions containing the hisi_hns3 PMU driver implementation prior to the patch that replaces cpuhp_state_remove_instance() with cpuhp_state_remove_instance_nocalls() in the driver code. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability is specific to hardware platforms using the HiSilicon HNS3 network interface cards or related hardware that utilize this PMU driver. The fix is a code change in the kernel driver that prevents execution of callbacks after device unregistration, thereby avoiding the NULL pointer dereference and subsequent kernel crash.
Potential Impact
For European organizations, the primary impact of CVE-2023-52860 is potential system instability and denial of service on Linux systems running affected kernel versions with the hisi_hns3 PMU driver. This is particularly relevant for enterprises and data centers using HiSilicon HNS3-based network interface cards or servers with this hardware integration. A kernel crash due to this vulnerability could lead to unexpected system reboots, service interruptions, and potential data loss or corruption if critical processes are terminated abruptly. Organizations relying on Linux servers for critical infrastructure, cloud services, or telecommunications may experience degraded service availability. Although this vulnerability does not appear to allow privilege escalation or remote code execution, the denial of service impact can disrupt operations and affect service level agreements (SLAs). Since the vulnerability is triggered during CPU hotplug events, environments that dynamically manage CPU resources (e.g., virtualized or containerized infrastructures) may be more exposed. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to maintain system reliability and security posture.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:

1) Identify Linux systems running kernels with the hisi_hns3 PMU driver, especially those deployed on hardware platforms using HiSilicon HNS3 network cards.
2) Apply the official Linux kernel patch that replaces cpuhp_state_remove_instance() with cpuhp_state_remove_instance_nocalls() in the hisi_hns3 PMU driver code. This patch is essential to prevent kernel crashes during CPU hotplug operations.
3) If immediate patching is not feasible, consider temporarily disabling CPU hotplug features or avoid CPU offline/online operations on affected systems to reduce the risk of triggering the vulnerability.
4) Monitor system logs for kernel oops or panic messages related to perf_pmu_migrate_context or hisi_hns3_pmu_offline_cpu functions, which may indicate attempts to exploit or accidental triggering of the vulnerability.
5) Coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and backported patches are applied in enterprise environments.
6) Incorporate this vulnerability into vulnerability management and patching workflows to ensure ongoing compliance and risk reduction.
7) For virtualized environments, ensure hypervisor and guest OS kernel versions are updated to prevent cascading failures due to CPU hotplug events.
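An added example, not part of the original advisory or the kernel patch: a log check for step 4 that flags a NULL-dereference oops only when its frames contain both function names from the trace in the description. The sample log is constructed, and example_drv is a made-up driver name used for the negative case.

```python
import re

# Function names taken from the call trace quoted in the CVE description.
SIGNATURE = ("perf_pmu_migrate_context", "hisi_hns3_pmu_offline_cpu")
OOPS_START = re.compile(r"Unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg "[  123.456789] " prefix
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")


def find_hns3_pmu_oops(lines):
    """Return one dict per NULL-deref oops whose frames contain every SIGNATURE name."""
    hits, current = [], None

    def flush():
        if current and all(name in current["frames"] for name in SIGNATURE):
            hits.append(current)

    for lineno, raw in enumerate(lines, 1):
        text = STAMP.sub("", raw.rstrip("\n"))
        if OOPS_START.search(text):
            flush()  # a second oops can begin before the first one is closed
            current = {"line": lineno, "frames": []}
        elif current is not None:
            current["frames"] += FRAME.findall(text)
            if OOPS_END.search(text):
                flush()
                current = None
    flush()  # the log may stop mid-trace if the machine went down
    return hits


# Constructed sample: the first report reuses the trace from the description,
# the second is an unrelated NULL dereference in a made-up driver.
SAMPLE_LOG = """\
[  812.101001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  812.101050] pc : perf_pmu_migrate_context+0x98/0x38c
[  812.101061] lr : perf_pmu_migrate_context+0x94/0x38c
[  812.101090] Call trace:
[  812.101093]  perf_pmu_migrate_context+0x98/0x38c
[  812.101097]  hisi_hns3_pmu_offline_cpu+0x104/0x12c [hisi_hns3_pmu]
[  812.101140] ---[ end trace 0000000000000000 ]---
[ 1400.500001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 1400.500040] pc : example_drv_remove+0x20/0x80 [example_drv]
[ 1400.500090] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for hit in find_hns3_pmu_oops(SAMPLE_LOG):
        print(f"CVE-2023-52860 crash signature in oops starting at log line {hit['line']}")
```

Requiring both frames inside one oops report keeps unrelated perf or hotplug crashes from being counted against this CVE.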
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-21T15:19:24.261Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe775b
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/1/2025, 7:56:27 AM
Last updated: 8/1/2025, 2:50:02 AM