Description
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-35825
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7
- https://lore.kernel.org/all/20230523164950.435226211@linuxfoundation.org
- https://lore.kernel.org/lkml/20230501030540.3254928-4-sashal@kernel.org
CVE ID
Related vulnerabilities
A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
A vulnerability in the r592_remove function of the r592 device driver in the Linux kernel that allows an attacker to cause a system crash or other undefined behavior
ELSA-2023-6583: kernel security, bug fix, and enhancement update (IMPORTANT)
ELSA-2023-7077: kernel security, bug fix, and enhancement update (IMPORTANT)