Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2023-52457
HistoryFeb 23, 2024 - 3:15 p.m.

CVE-2023-52457

2024-02-2315:15:08
CWE-416
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
linux kernel
8250 serial
vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don’t skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.

Affected configurations

NVD
Node
linuxlinux_kernelRange<5.4.268
OR
linuxlinux_kernelRange5.5.05.10.209
OR
linuxlinux_kernelRange5.11.05.15.148
OR
linuxlinux_kernelRange5.166.1.75
OR
linuxlinux_kernelRange6.2.06.6.14
OR
linuxlinux_kernelRange6.7.06.7.2

Related

ubuntucve 1
prion 1
cve 1
debiancve 1
cvelist 1
nessus 20
openvas 15
osv 15
ubuntu 11
ubuntucve
ubuntucve
CVE-2023-52457
2024-02-23 00:00:00
prion
prion
Spoofing
2024-02-23 15:15:00
cve
cve
CVE-2023-52457
2024-02-23 15:15:08
debiancve
debiancve
CVE-2023-52457
2024-02-23 15:15:08
cvelist
cvelist
CVE-2023-52457 serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
2024-02-23 14:46:19
nessus
nessus
Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)
2024-04-17 00:00:00
Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)
2024-04-17 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6726-1)
2024-04-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6726-3)
2024-04-18 00:00:00
Ubuntu: Security Advisory (USN-6726-1)
2024-04-10 00:00:00
Ubuntu: Security Advisory (USN-6726-2)
2024-04-17 00:00:00
osv
osv
linux-xilinx-zynqmp vulnerabilities
2024-04-17 13:06:30
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2024-04-09 13:46:16
linux-iot vulnerabilities
2024-04-16 21:25:54
ubuntu
ubuntu
Linux kernel (IoT) vulnerabilities
2024-04-16 00:00:00
Linux kernel (Xilinx ZynqMP) vulnerabilities
2024-04-17 00:00:00
Linux kernel vulnerabilities
2024-04-09 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for NVD:CVE-2023-52457
ubuntucve1prion1cve1debiancve1cvelist1nessus20openvas15osv15ubuntu11