7.8

CVE-2023-52509

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

In the Linux kernel, the following vulnerability has been resolved:

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

The ravb_stop() should call cancel_work_sync(). Otherwise,
ravb_tx_timeout_work() is possible to use the freed priv after
ravb_remove() was called like below:

CPU0			CPU1
			ravb_tx_timeout()
ravb_remove()
unregister_netdev()
free_netdev(ndev)
// free priv
			ravb_tx_timeout_work()
			// use priv

unregister_netdev() will call .ndo_stop() so that ravb_stop() is
called. And, after phy_stop() is called, netif_carrier_off()
is also called. So that .ndo_tx_timeout() will not be called
after phy_stop().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.2 < 5.4.259
LinuxLinux Kernel Version >= 5.5 < 5.10.199
LinuxLinux Kernel Version >= 5.11 < 5.15.136
LinuxLinux Kernel Version >= 5.16 < 6.1.59
LinuxLinux Kernel Version >= 6.2 < 6.5.8
LinuxLinux Kernel Version6.6 Updaterc1
LinuxLinux Kernel Version6.6 Updaterc2
LinuxLinux Kernel Version6.6 Updaterc3
LinuxLinux Kernel Version6.6 Updaterc4
LinuxLinux Kernel Version6.6 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705
Patch
https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89
Patch
https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6
Patch
https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5
Patch
https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965
Patch
https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82
Patch