416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2023-52509CVE-2023-52509
In the Linux kernel, the following vulnerability has been resolved:
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
The ravb_stop() should call cancel_work_sync(). Otherwise,
ravb_tx_timeout_work() is possible to use the freed priv after
ravb_remove() was called like below:
CPU0 CPU1
ravb_tx_timeout()
ravb_remove()
unregister_netdev()
free_netdev(ndev)
// free priv
ravb_tx_timeout_work()
// use priv
unregister_netdev() will call .ndo_stop() so that ravb_stop() is
called. And, after phy_stop() is called, netif_carrier_off()
is also called. So that .ndo_tx_timeout() will not be called
after phy_stop().
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"versions": [
{
"version": "c156633f1353",
"lessThan": "65d34cfd4e34",
"status": "affected",
"versionType": "git"
},
{
"version": "c156633f1353",
"lessThan": "db9aafa19547",
"status": "affected",
"versionType": "git"
},
{
"version": "c156633f1353",
"lessThan": "616761cf9df9",
"status": "affected",
"versionType": "git"
},
{
"version": "c156633f1353",
"lessThan": "6f6fa8061f75",
"status": "affected",
"versionType": "git"
},
{
"version": "c156633f1353",
"lessThan": "105abd68ad8f",
"status": "affected",
"versionType": "git"
},
{
"version": "c156633f1353",
"lessThan": "397144287071",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"versions": [
{
"version": "4.2",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.2",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.259",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.199",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.136",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.59",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.5.8",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705
git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89
git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6
git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5
git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965
git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82
Related
