CVE-2023-52445

Updated: 2024-03-15 05:03:59.97617

Description:

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-04-09 11:13:40
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Not Vulnerable 2024-04-09 11:13:40
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2024-03-15 04:18:58
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2024-03-15 04:19:07
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1711026398 2024-03-21 09:52:31
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1711026811 2024-03-21 09:52:32
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2024-03-15 04:19:00
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2024-03-15 04:19:08
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2024:1710945589 2024-03-20 11:09:28
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2024:1710946064 2024-03-20 11:09:32
Total: 11