PT-2023-2325 · Linux+5 · Linux Kernel+5

Zheng Wang

·

Publicado

2023-03-12

·

Atualizado

2024-11-21

·

CVE-2023-30772

CVSS v3.1

6.4

Média

VetorAV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.9
Description The issue is related to a race condition and resultant use-after-free in the drivers/power/supply/da9150-charger.c driver of the Linux kernel. This occurs when a physically proximate attacker unplugs a device, potentially leading to a denial of service. The vulnerability is associated with the da9150 charger remove() function and the use of shared resources.
Recommendations For Linux kernel versions prior to 6.2.9, update to version 6.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the da9150-charger.c driver to minimize the risk of exploitation.

Correção

Race Condition

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-416

Identificadores relacionados

ALT-PU-2023-1542
ALT-PU-2023-1650
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26308
BDU:2023-02090
CVE-2023-30772
DLA-3403-1
MGASA-2023-0148
MGASA-2023-0149
OESA-2023-1265
OESA-2023-1266
OESA-2023-1267
OESA-2023-1268
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
SUSE-SU-2023:2140-1
SUSE-SU-2023:2141-1
SUSE-SU-2023:2146-1
SUSE-SU-2023:2147-1
SUSE-SU-2023:2148-1
SUSE-SU-2023:2151-1
SUSE-SU-2023:2156-1
SUSE-SU-2023:2162-1
SUSE-SU-2023:2163-1
SUSE-SU-2023:2231-1
SUSE-SU-2023:2232-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Produtos afetados

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu