PT-2023-3345 · Linux+6 · Linux Kernel+6

Published: 2023-03-23 · Updated: 2024-10-21

CVE-2023-35828

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.2

Description

A use-after-free issue was found in the renesas_usb3_remove() function in the drivers/usb/gadget/udc/renesas_usb3.c module of the Linux kernel's USB device driver. This issue is related to a race condition that allows for the reuse of previously freed memory, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations

For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the renesas_usb3_remove() function until a patch is available.

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-2038
ALT-PU-2023-4663
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-27247
BDU:2023-03501
CVE-2023-35828
DLA-3508-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1393
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OESA-2023-1397
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
USN-6283-1
USN-6300-1
USN-6311-1
USN-6332-1
USN-6340-1
USN-6340-2
USN-6347-1
USN-6349-1
USN-6357-1
USN-6397-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu