GHSA-mr7q-47cq-r2xm

Опубликовано: 24 дек. 2025

Источник: github

Github: Не прошло ревью

Описание

In the Linux kernel, the following vulnerability has been resolved:

phy: tegra: xusb: Clear the driver reference in usb-phy dev

For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy.

When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN.

In the Linux kernel, the following vulnerability has been resolved:

phy: tegra: xusb: Clear the driver reference in usb-phy dev

For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy.

When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN.

Ссылки

EPSS

Процентиль: 7%

0.00026

Низкий

CVE ID

CVE-2023-54083

Связанные уязвимости

CVE-2023-54083

ubuntu

около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy. When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN.