Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-52457
HistoryFeb 23, 2024 - 3:15 p.m.

Spoofing

2024-02-2315:15:00
PRIOn knowledge base
www.prio-n.com
5
linux
kernel
vulnerability
8250
omap
driver
resource
freeing
pm_runtime_resume_and_get()
error
message
uart
use-after-free
nvd
cleanup

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don’t skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%