CVE-2023-52457
CVSS v3.1
7.8 (High)
EPSS
0.04 % (5th)
Affected Products
1
Advisories
21
NVD Status
Analyzed
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
Returning an error code from .remove() makes the driver core emit the
little helpful error message:
remove callback returned a non-zero value. This will be ignored.
and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.
So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.
Weaknesses
- CWE-416
- Use After Free
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- kernel.org
- Published Date
-
2024-02-23 15:15:08
(6 months ago) - Updated Date
-
2024-08-27 15:26:27
(2 weeks ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...