redhatcve / Redhat.com / RH:CVE-2023-52629
History: Mar 29, 2024 - 3:50 p.m.

CVE-2023-52629

2024-03-29 15:50:45
redhat.com
access.redhat.com
linux kernel
use-after-free bug
switch_drv_remove
reordering cleanup operations

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

A vulnerability was found in the push-switch driver of the Linux kernel, caused by an improper cleanup sequence in switch_drv_remove(). Originally, flush_work() was called before timer_shutdown_sync(), so the worker could be rescheduled by switch_timer() after the flush, causing a use-after-free bug.
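The ordering problem described above, modelled in userspace C as an added example (not Red Hat's or the kernel's code). The `model_*` functions are constructed stand-ins for flush_work(), timer_shutdown_sync() and switch_timer(), and the model assumes the debounce timer is armed when removal starts and expires once.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model: the model_* names are stand-ins, not kernel APIs. */
struct psw_model {
    bool timer_armed;  /* debounce timer can still expire */
    bool work_pending; /* work item is queued and will touch the object */
};

/* Stand-in for switch_timer(): an expiring timer queues the work item. */
static void model_timer_fire(struct psw_model *p) {
    if (p->timer_armed) {
        p->timer_armed = false;
        p->work_pending = true;
    }
}

/* Stand-in for flush_work(): runs whatever is queued right now, nothing later. */
static void model_flush_work(struct psw_model *p) { p->work_pending = false; }
/* Stand-in for timer_shutdown_sync(): after this the timer can never fire. */
static void model_timer_shutdown_sync(struct psw_model *p) { p->timer_armed = false; }

enum order { FLUSH_THEN_SHUTDOWN, SHUTDOWN_THEN_FLUSH };

/* The timer expires just before step fire_at (0 and 1 are the two cleanup
 * calls, 2 is the free). Returns true if work is still queued at the free. */
static bool work_pending_at_free(enum order o, int fire_at) {
    struct psw_model p = { .timer_armed = true };
    for (int step = 0; step < 3; step++) {
        if (step == fire_at) model_timer_fire(&p);
        if (step == 2) break; /* the object would be freed here */
        if ((o == FLUSH_THEN_SHUTDOWN) == (step == 0)) model_flush_work(&p);
        else model_timer_shutdown_sync(&p);
    }
    return p.work_pending;
}

/* Number of timer-expiry points that leave work queued against freed memory. */
static int unsafe_interleavings(enum order o) {
    int n = 0;
    for (int fire_at = 0; fire_at < 3; fire_at++) n += work_pending_at_free(o, fire_at);
    return n;
}

int main(void) {
    printf("flush then shutdown: %d unsafe\n", unsafe_interleavings(FLUSH_THEN_SHUTDOWN));
    printf("shutdown then flush: %d unsafe\n", unsafe_interleavings(SHUTDOWN_THEN_FLUSH));
    return 0;
}
```

Only the flush-first order has a window (the timer expiring between the two calls) in which work remains queued when the object is freed; shutting the timer down first closes it.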

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
