CVE-2023-53003

EPSS 0.02%
Veröffentlicht 27.03.2025 16:43:35
Zuletzt bearbeitet 01.04.2025 15:39:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

The memory for llcc_driv_data is allocated by the LLCC driver. But when
it is passed as the private driver info to the EDAC core, it will get freed
during the qcom_edac driver release. So when the qcom_edac driver gets probed
again, it will try to use the freed data leading to the use-after-free bug.

Hence, do not pass llcc_driv_data as pvt_info but rather reference it
using the platform_data pointer in the qcom_edac driver.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.231

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.166

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.91

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.9

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

Linux ≫ Linux Kernel Version6.2 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/66e10d5f399629ef7877304d9ba2b35d0474e7eb

Patch

https://git.kernel.org/stable/c/76d9ebb7f0bc10fbc78b6d576751552edf743968

Patch

https://git.kernel.org/stable/c/bff5243bd32661cf9ce66f6d9210fc8f89bda145

Patch

https://git.kernel.org/stable/c/6f0351d0c311951b8b3064db91e61841e85b2b96

Patch

https://git.kernel.org/stable/c/977c6ba624f24ae20cf0faee871257a39348d4a9

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53003

EUVD