7.8
CVE-2023-53219
- EPSS 0.15%
- Veröffentlicht 15.09.2025 14:21:47
- Zuletzt bearbeitet 14.01.2026 18:16:30
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
media: netup_unidvb: fix use-after-free at del_timer()
In the Linux kernel, the following vulnerability has been resolved:
media: netup_unidvb: fix use-after-free at del_timer()
When Universal DVB card is detaching, netup_unidvb_dma_fini()
uses del_timer() to stop dma->timeout timer. But when timer
handler netup_unidvb_dma_timeout() is running, del_timer()
could not stop it. As a result, the use-after-free bug could
happen. The process is shown below:
(cleanup routine) | (timer routine)
| mod_timer(&dev->tx_sim_timer, ..)
netup_unidvb_finidev() | (wait a time)
netup_unidvb_dma_fini() | netup_unidvb_dma_timeout()
del_timer(&dma->timeout); |
| ndev->pci_dev->dev //USE
Fix by changing del_timer() to del_timer_sync().Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.3 < 4.14.316
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.284
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.244
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.181
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.113
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.30
Linux ≫ Linux Kernel Version >= 6.2 < 6.3.4
Linux ≫ Linux Kernel Version6.4 Updaterc1
Linux ≫ Linux Kernel Version6.4 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/dd5c77814f290b353917df329f36de1472d47154
https://git.kernel.org/stable/c/90229e9ee957d4514425e4a4d82c50ab5d57ac4d
https://git.kernel.org/stable/c/1550bcf2983ae1220cc8ab899a39a423fa7cb523
https://git.kernel.org/stable/c/f9982db735a8495eee14267cf193c806b957e942
https://git.kernel.org/stable/c/051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3
https://git.kernel.org/stable/c/07821524f67bf920342bc84ae8b3dea2a315a89e
https://git.kernel.org/stable/c/c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc
https://git.kernel.org/stable/c/0f5bb36bf9b39a2a96e730bf4455095b50713f63