CVE-2023-52847

Updated: 2025-12-14 03:06:23.126016

Description:

In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_delete operation in remove function. When it hit kfree btv, the function might still be invoked, which will cause use after free bug. This bug is found by static analysis, it may be false positive. Fix it by adding del_timer_sync invoking to the remove function. cpu0 cpu1 bttv_probe ->timer_setup ->bttv_set_dma ->mod_timer; bttv_remove ->kfree(btv); ->bttv_irq_timeout ->USE btv


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.0

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.0 HIGH Not Vulnerable 2025-09-12 22:06:01 CONFIG_MEDIA_ANALOG_TV_SUPPORT is not set
CentOS 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2025-09-28 00:16:53
CentOS 7 ELS kernel 3.10.0 7.0 HIGH Not Vulnerable 2025-09-16 14:07:55
CentOS 8.4 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2025:1763731262 2025-11-21 22:44:16
CentOS 8.5 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2025:1763734783 2025-11-21 22:44:17
CentOS Stream 8 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2025:1763722365 2026-01-27 08:07:58
CloudLinux 6 ELS kernel 2.6.32 7.0 HIGH Ignored 2025-09-23 10:55:51 Postponed until request or high risk detected
CloudLinux 7 ELS kernel 3.10.0 7.0 HIGH Ignored 2025-09-23 10:55:47 Postponed until request or high risk detected
Oracle Linux 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2025-11-02 11:09:25
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.0 HIGH Released CLSA-2025:1744624441 2025-04-15 04:04:49
Total: 12