CVE-2023-52457

CVSS v3.1 7.8 (High)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 21
NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.
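
The failure mode described above, as an added userspace model in C. It is not the kernel patch and not code from this page: `struct port`, `registry`, `resume_hw()`, `unregister_port()` and `unbind()` are hypothetical stand-ins for the driver's private data, the serial core's port table, `pm_runtime_resume_and_get()`, `serial8250_unregister_port()` and the driver core's unbind path.

```c
/* Userspace model (constructed); every name here is hypothetical, not a kernel API. */
#include <stdio.h>
#include <stdlib.h>

struct port { int line; };        /* stands in for the driver's private data */
static struct port *registry[4];  /* stands in for the serial core's port table */
static int resume_hw(int fail) { return fail ? -5 : 0; } /* constructed error value */
static void unregister_port(int line) { registry[line] = NULL; }

/* Before the fix: return early when resume fails, skipping the unregister. */
static int remove_buggy(struct port *p, int resume_fails)
{
    int err = resume_hw(resume_fails);
    if (err)
        return err;               /* the core ignores this and removes the device */
    unregister_port(p->line);
    return 0;
}

/* After the fix: report the failure, then continue with cleanup. */
static int remove_fixed(struct port *p, int resume_fails)
{
    if (resume_hw(resume_fails))
        fprintf(stderr, "failed to resume hardware, cleaning up anyway\n");
    unregister_port(p->line);
    return 0;
}

/* Models the core: call remove, ignore its result, release the device memory.
 * Returns 1 if the registry would be left pointing at the released memory. */
static int unbind(int (*remove)(struct port *, int), int resume_fails)
{
    struct port *p = malloc(sizeof(*p));
    if (!p)
        return -1;
    p->line = 0;
    registry[0] = p;                  /* what probe would have registered */
    (void)remove(p, resume_fails);    /* non-zero return is ignored */
    int stale = registry[0] != NULL;  /* checked before the free, never dereferenced */
    registry[0] = NULL;               /* reset the model for the next run */
    free(p);
    return stale;
}

int main(void)
{
    printf("buggy, resume fails: stale=%d\n", unbind(remove_buggy, 1));
    printf("fixed, resume fails: stale=%d\n", unbind(remove_fixed, 1));
    return 0;
}
```

The stale entry only appears on the path where resume fails, which is why the leak and the use-after-free potential are confined to that error branch.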

Weaknesses: CWE-416 (Use After Free)
CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-02-23 15:15:08 (6 months ago)
Updated Date: 2024-08-27 15:26:27 (2 weeks ago)

Affected Products


Configuration #1

  Product        CPE23                          From          Up To
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.4.225    < 5.4.268
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.10.156   < 5.10.209
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 5.15.80    < 5.15.148
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 6.0.10     < 6.1.75
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 6.2        < 6.6.14
  Linux Kernel   cpe:2.3:o:linux:linux_kernel   >= 6.7        < 6.7.2