Lucene search
LinuxCVELIST:CVE-2023-52439HistoryFeb 20, 2024 - 6:34 p.m.
CVE-2023-52439 uio: Fix use-after-free in uio_open
2024-02-2018:34:49
Linux
www.cve.org
2
linux kernel
use-after-free
uio_open
uio_unregister_device
device_unregister
kfree
idev
uio_release
In the Linux kernel, the following vulnerability has been resolved:
uio: Fix use-after-free in uio_open
core-1 core-2
uio_unregister_device uio_open
idev = idr_find()
device_unregister(&idev->dev)
put_device(&idev->dev)
uio_device_release
get_device(&idev->dev)
kfree(idev)
uio_free_minor(minor)
uio_release
put_device(&idev->dev)
kfree(idev)
In the core-1 uio_unregister_device(), the device_unregister will kfree
idev when the idev->dev kobject ref is 1. But after core-1
device_unregister, put_device and before doing kfree, the core-2 may
get_device. Then:
- After core-1 kfree idev, the core-2 will do use-after-free for idev.
- When core-2 do uio_release and put_device, the idev will be double
freed.
To address this issue, we can get idev atomic & inc idev reference with
minor_lock.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/uio/uio.c"
],
"versions": [
{
"version": "57c5f4df0a5a",
"lessThan": "3174e0f7de1b",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "e93da893d52d",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "5e0be1229ae1",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "5cf604ee538e",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "17a8519cb359",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "35f102607054",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "913205930da6",
"status": "affected",
"versionType": "git"
},
{
"version": "57c5f4df0a5a",
"lessThan": "0c9ae0b86050",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/uio/uio.c"
],
"versions": [
{
"version": "4.18",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.18",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.306",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.268",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.209",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.148",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.74",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.13",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.1",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2
git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea
git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c
git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad
git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7
git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570
git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41
git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50
lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Related
cve
cve
CVE-2023-52439
2024-02-20 21:15:08
debiancve
debiancve
CVE-2023-52439
2024-02-20 21:15:08
nvd
nvd
CVE-2023-52439
2024-02-20 21:15:08
prion
prion
Spoofing
2024-02-20 21:15:00
ubuntucve
ubuntucve
CVE-2023-52439
2024-02-20 00:00:00
redhatcve
redhatcve
CVE-2023-52439
2024-02-21 09:10:38
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0729
2024-02-22 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-04-09 00:00:00
Linux kernel vulnerabilities
2024-04-16 00:00:00
Linux kernel (Azure) vulnerabilities
2024-05-20 00:00:00
osv
osv
linux-aws-6.5, linux-raspi vulnerabilities
2024-04-16 20:07:50
linux-gcp vulnerabilities
2024-05-21 22:34:49
openvas
openvas
Ubuntu: Security Advisory (USN-6724-1)
2024-04-10 00:00:00
Ubuntu: Security Advisory (USN-6724-2)
2024-04-17 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1488)
2024-04-08 00:00:00
nessus
nessus
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)
2024-04-17 00:00:00
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-1)
2024-04-09 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-036)
2024-02-06 00:00:00
almalinux
almalinux
Moderate: kernel update
2024-06-05 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2024-06-14 13:59:36
kernel update
2024-06-14 13:59:16
oraclelinux
oraclelinux
kernel update
2024-06-05 00:00:00
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11