PT-2023-3346 · Linux+3 · Linux Kernel+3

Zheng Wang · Published 2023-04-10 · Updated 2024-04-15 · CVE-2023-35826

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.2

Description

A use-after-free vulnerability exists in the cedrus_remove() function in drivers/staging/media/sunxi/cedrus/cedrus.c in the Linux kernel. It is caused by a race condition arising from concurrent access to a resource, and allows an attacker to potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the cedrus_remove() function until a patch is available. Restrict access to the vulnerable module drivers/staging/media/sunxi/cedrus/cedrus.c to minimize the risk of exploitation.

Fix

Race Condition

Use After Free


Weakness Enumeration

Related identifiers

ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-4663
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-27243
AZL-27331
BDU:2023-03502
CVE-2023-35826
USN-6283-1

Affected products

Alt Linux
Linux Kernel
Red Os
Ubuntu