CVE-2023-52494

7.8 HIGH

📋 TL;DR

This CVE addresses an alignment vulnerability in the Linux kernel's MHI host bus driver where an unaligned event ring read pointer could cause denial of service or memory corruption. Systems using the MHI bus interface for modem communication are affected, particularly those with Qualcomm-based hardware. The vulnerability requires local access to exploit.
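The kind of check at issue, shown as an added example that is not the kernel's own code: a device-reported ring read pointer is validated for both range and element alignment before it is turned into an element index. The structure layout, function names and addresses are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical ring model; names and layout are illustrative, not the kernel's. */
struct ring_element { uint64_t ptr; uint32_t dword[2]; };   /* 16 bytes */

struct event_ring {
    uint64_t dev_base;            /* bus address of element 0 as the device sees it */
    size_t len;                   /* ring length in bytes, a multiple of element size */
    struct ring_element *base;    /* host mapping of the same memory */
};

/* Bounds-only check: still accepts a pointer that lands inside an element. */
static bool ptr_in_ring(const struct event_ring *r, uint64_t addr)
{
    return addr >= r->dev_base && addr < r->dev_base + r->len;
}

/* Bounds plus alignment: the pointer must sit exactly on an element boundary. */
static bool ptr_valid(const struct event_ring *r, uint64_t addr)
{
    return ptr_in_ring(r, addr) &&
           (addr - r->dev_base) % sizeof(struct ring_element) == 0;
}

/* Translate a device-reported read pointer to a host element, or NULL if rejected. */
static struct ring_element *ring_elem(const struct event_ring *r, uint64_t addr)
{
    if (!ptr_valid(r, addr))
        return NULL;
    return &r->base[(addr - r->dev_base) / sizeof(struct ring_element)];
}

int main(void)
{
    static struct ring_element mem[8];
    struct event_ring r = { 0x1000, sizeof(mem), mem };      /* constructed values */
    uint64_t samples[] = { 0x1000, 0x1010, 0x1008, 0x1080 }; /* constructed pointers */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%#llx in_ring=%d valid=%d elem=%s\n",
               (unsigned long long)samples[i], ptr_in_ring(&r, samples[i]),
               ptr_valid(&r, samples[i]),
               ring_elem(&r, samples[i]) ? "ok" : "rejected");
    return 0;
}
```

The sample pointer 0x1008 passes the bounds-only check but is rejected once alignment is enforced.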

💻 Affected Systems

Products:
  • Linux kernel with MHI host bus driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires MHI bus functionality to be enabled and used (common in systems with Qualcomm modems).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, potential memory corruption enabling privilege escalation or arbitrary code execution in kernel context.

🟠 Likely Case: System instability, kernel crashes, or denial of service affecting modem functionality and related services.

🟢 If Mitigated: Minimal impact with proper access controls preventing unprivileged users from triggering the vulnerability.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with access to MHI bus could trigger crashes affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to interact with MHI bus interface. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 2df39ac8f813860f79782807c3f7acff40b3c551, 94991728c84f8df54fd9eec9b85855ef9057ea08, a9ebfc405fe1be145f414eafadcbf09506082010, ecf8320111822a1ae5d5fc512953eab46d543d0b, eff9704f5332a13b08fbdbe0f84059c9e7051d5f

Vendor Advisory: https://git.kernel.org/stable/c/2df39ac8f813860f79782807c3f7acff40b3c551

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check your distribution's security advisories for specific patched kernel versions.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable MHI bus module (Linux)

Prevent loading of the vulnerable MHI host bus driver if it is not required:

echo 'blacklist mhi' >> /etc/modprobe.d/blacklist.conf
rmmod mhi

🧯 If You Can't Patch

  • Restrict access to MHI bus interface using appropriate permissions and access controls
  • Implement strict user privilege management to prevent unprivileged users from accessing system resources

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if MHI module is loaded: lsmod | grep mhi && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond fix commits and MHI module loads without issues

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • MHI bus errors in dmesg
  • System crashes related to modem functionality

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "mhi" OR "bus error")
