CVE-2023-52475

Updated: 2024-12-10 02:23:31.449667

Description:

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738671431 2025-02-05 02:21:49
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1738670922 2025-02-05 02:21:56
CentOS 6 ELS kernel 2.6.32 7.8 HIGH In Rollout CLSA-2025:1739292069 2025-02-12 06:38:21
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH In Testing CLSA-2025:1736778412 2025-02-01 23:55:06
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH In Testing CLSA-2025:1736778632 2025-02-11 00:36:52
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-01-10 22:42:39
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1739352814 2025-02-13 01:25:14
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Released CLSA-2025:1736444557 2025-02-07 06:40:09
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released CLSA-2025:1736470237 2025-02-07 06:40:08
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Released CLSA-2025:1736469006 2025-02-07 06:40:09