1. Home
  2. Vulnerabilities
  3. CVE-2023-52439

CVE-2023-52439

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 27
NVD Status Modified
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

uio: Fix use-after-free in uio_open

core-1 core-2

uio_unregister_device uio_open
idev = idr_find()
device_unregister(&idev->dev)
put_device(&idev->dev)
uio_device_release
get_device(&idev->dev)
kfree(idev)
uio_free_minor(minor)
uio_release
put_device(&idev->dev)

kfree(idev)

In the core-1 uio_unregister_device(), the device_unregister will kfree
idev when the idev->dev kobject ref is 1. But after core-1
device_unregister, put_device and before doing kfree, the core-2 may
get_device. Then:
1. After core-1 kfree idev, the core-2 will do use-after-free for idev.
2. When core-2 do uio_release and put_device, the idev will be double
freed.

To address this issue, we can get idev atomic & inc idev reference with
minor_lock.

Weaknesses
CWE-415
Double Free
CVE Status
PUBLISHED
NVD Status
Modified
CNA
kernel.org
Published Date
2024-02-20 21:15:08
(6 months ago)
Updated Date
2024-06-27 12:15:14
(2 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel above 4.18.0 version and prior 4.19.306 version cpe:2.3:o:linux:linux_kernel > 4.18.0 < 4.19.306
  Linux Kernel from 4.20.0 version and prior 5.4.268 version cpe:2.3:o:linux:linux_kernel >= 4.20.0 < 5.4.268
  Linux Kernel from 5.5.0 version and prior 5.10.209 version cpe:2.3:o:linux:linux_kernel >= 5.5.0 < 5.10.209
  Linux Kernel from 5.11.0 version and prior 5.15.148 version cpe:2.3:o:linux:linux_kernel >= 5.11.0 < 5.15.148
  Linux Kernel from 5.16.0 version and prior 6.1.74 version cpe:2.3:o:linux:linux_kernel >= 5.16.0 < 6.1.74
  Linux Kernel from 6.2.0 version and prior 6.6.13 version cpe:2.3:o:linux:linux_kernel >= 6.2.0 < 6.6.13
  Linux Kernel from 6.7.0 version and prior 6.7.1 version cpe:2.3:o:linux:linux_kernel >= 6.7.0 < 6.7.1
  Linux Kernel 4.18 cpe:2.3:o:linux:linux_kernel:4.18:-
  Linux Kernel 4.18 Rc5 cpe:2.3:o:linux:linux_kernel:4.18:rc5
  Linux Kernel 4.18 Rc6 cpe:2.3:o:linux:linux_kernel:4.18:rc6
  Linux Kernel 4.18 Rc7 cpe:2.3:o:linux:linux_kernel:4.18:rc7
  Linux Kernel 4.18 Rc8 cpe:2.3:o:linux:linux_kernel:4.18:rc8