5.5

CVE-2023-52754

EPSS 0.01%
Published 21.05.2024 16:15:14
Last modified 23.09.2025 19:17:43
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

media: imon: fix access to invalid resource for the second interface

imon driver probes two USB interfaces, and at the probe of the second
interface, the driver assumes blindly that the first interface got
bound with the same imon driver.  It's usually true, but it's still
possible that the first interface is bound with another driver via a
malformed descriptor.  Then it may lead to a memory corruption, as
spotted by syzkaller; imon driver accesses the data from drvdata as
struct imon_context object although it's a completely different one
that was assigned by another driver.

This patch adds a sanity check -- whether the first interface is
really bound with the imon driver or not -- for avoiding the problem
above at the probe time.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.202

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.140

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.64

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.13

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.006

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f

Patch

https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9

Patch

https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f

Patch

https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a

Patch

https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7

Patch

https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52754

EUVD