CVE-2023-52629

2024-03-2900:00:00

ubuntu.com

linux kernel

use-after-free vulnerability

worker

timer

deallocate operations

bug mitigation

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: sh:
push-switch: Reorder cleanup operations to avoid use-after-free bug The
original code puts flush_work() before timer_shutdown_sync() in
switch_drv_remove(). Although we use flush_work() to stop the worker, it
could be rescheduled in switch_timer(). As a result, a use-after-free bug
can occur. The details are shown below: (cpu 0) | (cpu 1)
switch_drv_remove() | flush_work() | … | switch_timer // timer |
schedule_work(&psw->work) timer_shutdown_sync() | … | switch_work_handler
// worker kfree(psw) // free | | psw->state = 0 // use This patch puts
timer_shutdown_sync() before flush_work() to mitigate the bugs. As a
result, the worker and timer will be stopped safely before the deallocate
operations.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN