-

CVE-2023-53484

EPSS 0.03%
Veröffentlicht 01.10.2025 12:15:51
Zuletzt bearbeitet 02.10.2025 19:12:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

lib: cpu_rmap: Avoid use after free on rmap->obj array entries

When calling irq_set_affinity_notifier() with NULL at the notify
argument, it will cause freeing of the glue pointer in the
corresponding array entry but will leave the pointer in the array. A
subsequent call to free_irq_cpu_rmap() will try to free this entry again
leading to possible use after free.

Fix that by setting NULL to the array entry and checking that we have
non-zero at the array entry when iterating over the array in
free_irq_cpu_rmap().

The current code does not suffer from this since there are no cases
where irq_set_affinity_notifier(irq, NULL) (note the NULL passed for the
notify arg) is called, followed by a call to free_irq_cpu_rmap() so we
don't hit and issue. Subsequent patches in this series excersize this
flow, hence the required fix.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 981f339d2905b6a92ef59358158b326493aecac5

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d1308bd0b24cb1d78fa2747d5fa3e055cc628a48

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < f748e15253833b771acbede14ea98f50831ac289

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < c6ed54dd90698dc0744d669524cc1c122ded8a16

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 67bca5f1d644f4e79b694abd8052a177de81c37f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4e0473f1060aa49621d40a113afde24818101d37

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.316

Status unaffected

Version <= 4.19.*

Version 4.19.284

Status unaffected

Version <= 5.4.*

Version 5.4.244

Status unaffected

Version <= 5.10.*

Version 5.10.181

Status unaffected

Version <= 5.15.*

Version 5.15.113

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.081

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/4e0473f1060aa49621d40a113afde24818101d37

https://git.kernel.org/stable/c/67bca5f1d644f4e79b694abd8052a177de81c37f

https://git.kernel.org/stable/c/981f339d2905b6a92ef59358158b326493aecac5

https://git.kernel.org/stable/c/c6ed54dd90698dc0744d669524cc1c122ded8a16

https://git.kernel.org/stable/c/c9115f49cf260d24d8b5f2d9a4b63cb31a627bb4

https://git.kernel.org/stable/c/cc2d2b3dbfb0ba57bc027fb7e1121250c50e4000

https://git.kernel.org/stable/c/d1308bd0b24cb1d78fa2747d5fa3e055cc628a48

https://git.kernel.org/stable/c/f748e15253833b771acbede14ea98f50831ac289

https://nvd.nist.gov/vuln/detail/CVE-2023-53484

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53484

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53484

EUVD