7.8

CVE-2023-53316

drm/msm/dp: Free resources after unregistering them

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: Free resources after unregistering them

The DP component's unbind operation walks through the submodules to
unregister and clean things up. But if the unbind happens because the DP
controller itself is being removed, all the memory for those submodules
has just been freed.

Change the order of these operations to avoid the many use-after-free
that otherwise happens in this code path.

Patchwork: https://patchwork.freedesktop.org/patch/542166/
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.188
LinuxLinux Kernel Version >= 5.11 < 5.15.121
LinuxLinux Kernel Version >= 5.16 < 6.1.39
LinuxLinux Kernel Version >= 6.2 < 6.3.13
LinuxLinux Kernel Version >= 6.4 < 6.4.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/c67a55f7cc8d767d624235bf1bcd0947e56abe0f
Patch
https://git.kernel.org/stable/c/3c3f3d35f5e05c468b048eb42a4f8c62c6655692
Patch
https://git.kernel.org/stable/c/4e9f1a2367aea7d61f6781213e25313cd983b0d7
Patch
https://git.kernel.org/stable/c/5c3278db06e332fdc14f3f297499fb88ded264d2
Patch
https://git.kernel.org/stable/c/ca47d0dc00968358c136a1847cfed550cedfd1b5
Patch
https://git.kernel.org/stable/c/fa0048a4b1fa7a50c8b0e514f5b428abdf69a6f8
Patch