7.8

CVE-2023-53003

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

In the Linux kernel, the following vulnerability has been resolved:

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

The memory for llcc_driv_data is allocated by the LLCC driver. But when
it is passed as the private driver info to the EDAC core, it will get freed
during the qcom_edac driver release. So when the qcom_edac driver gets probed
again, it will try to use the freed data leading to the use-after-free bug.

Hence, do not pass llcc_driv_data as pvt_info but rather reference it
using the platform_data pointer in the qcom_edac driver.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.4.231
LinuxLinux Kernel Version >= 5.5 < 5.10.166
LinuxLinux Kernel Version >= 5.11 < 5.15.91
LinuxLinux Kernel Version >= 5.16 < 6.1.9
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/66e10d5f399629ef7877304d9ba2b35d0474e7eb
Patch
https://git.kernel.org/stable/c/76d9ebb7f0bc10fbc78b6d576751552edf743968
Patch
https://git.kernel.org/stable/c/bff5243bd32661cf9ce66f6d9210fc8f89bda145
Patch
https://git.kernel.org/stable/c/6f0351d0c311951b8b3064db91e61841e85b2b96
Patch
https://git.kernel.org/stable/c/977c6ba624f24ae20cf0faee871257a39348d4a9
Patch