CVE-2023-53484

EPSS 0.02%
Veröffentlicht 01.10.2025 12:15:51
Zuletzt bearbeitet 20.01.2026 16:35:24
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

lib: cpu_rmap: Avoid use after free on rmap->obj array entries

When calling irq_set_affinity_notifier() with NULL at the notify
argument, it will cause freeing of the glue pointer in the
corresponding array entry but will leave the pointer in the array. A
subsequent call to free_irq_cpu_rmap() will try to free this entry again
leading to possible use after free.

Fix that by setting NULL to the array entry and checking that we have
non-zero at the array entry when iterating over the array in
free_irq_cpu_rmap().

The current code does not suffer from this since there are no cases
where irq_set_affinity_notifier(irq, NULL) (note the NULL passed for the
notify arg) is called, followed by a call to free_irq_cpu_rmap() so we
don't hit and issue. Subsequent patches in this series excersize this
flow, hence the required fix.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.8.1 < 4.14.316

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.284

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.244

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.181

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.113

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.30

Linux ≫ Linux Kernel Version >= 6.2 < 6.3.4

Linux ≫ Linux Kernel Version3.8 Update-

Linux ≫ Linux Kernel Version3.8 Updaterc4

Linux ≫ Linux Kernel Version3.8 Updaterc5

Linux ≫ Linux Kernel Version3.8 Updaterc6

Linux ≫ Linux Kernel Version3.8 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/4e0473f1060aa49621d40a113afde24818101d37

Patch

https://git.kernel.org/stable/c/67bca5f1d644f4e79b694abd8052a177de81c37f

Patch

https://git.kernel.org/stable/c/981f339d2905b6a92ef59358158b326493aecac5

Patch

https://git.kernel.org/stable/c/c6ed54dd90698dc0744d669524cc1c122ded8a16

Patch

https://git.kernel.org/stable/c/c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4

Patch

https://git.kernel.org/stable/c/cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000

Patch