7.8
CVE-2023-53484
- EPSS 0.15%
- Veröffentlicht 01.10.2025 12:15:51
- Zuletzt bearbeitet 20.01.2026 16:35:24
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid use after free on rmap->obj array entries When calling irq_set_affinity_notifier() with NULL at the notify argument, it will cause freeing of the glue pointer in the corresponding array entry but will leave the pointer in the array. A subsequent call to free_irq_cpu_rmap() will try to free this entry again leading to possible use after free. Fix that by setting NULL to the array entry and checking that we have non-zero at the array entry when iterating over the array in free_irq_cpu_rmap(). The current code does not suffer from this since there are no cases where irq_set_affinity_notifier(irq, NULL) (note the NULL passed for the notify arg) is called, followed by a call to free_irq_cpu_rmap() so we don't hit and issue. Subsequent patches in this series excersize this flow, hence the required fix.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.8.1 < 4.14.316
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.284
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.244
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.181
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.113
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.30
Linux ≫ Linux Kernel Version >= 6.2 < 6.3.4
Linux ≫ Linux Kernel Version3.8 Update-
Linux ≫ Linux Kernel Version3.8 Updaterc4
Linux ≫ Linux Kernel Version3.8 Updaterc5
Linux ≫ Linux Kernel Version3.8 Updaterc6
Linux ≫ Linux Kernel Version3.8 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/4e0473f1060aa49621d40a113afde24818101d37
https://git.kernel.org/stable/c/67bca5f1d644f4e79b694abd8052a177de81c37f
https://git.kernel.org/stable/c/981f339d2905b6a92ef59358158b326493aecac5
https://git.kernel.org/stable/c/c6ed54dd90698dc0744d669524cc1c122ded8a16
https://git.kernel.org/stable/c/c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4
https://git.kernel.org/stable/c/cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000
https://git.kernel.org/stable/c/d1308bd0b24cb1d78fa2747d5fa3e055cc628a48
https://git.kernel.org/stable/c/f748e15253833b771acbede14ea98f50831ac289