CVE-2023-52629

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.3

Description The issue is related to a use-after-free bug in the Linux kernel. This bug occurs because the original code puts flush work() before timer shutdown sync() in switch drv remove(), allowing the worker to be rescheduled in switch timer() and causing a use-after-free bug. The vulnerability can be exploited to access confidential data, disrupt data integrity, and cause a denial of service.

Recommendations To resolve the issue, upgrade the Linux kernel to a version newer than 6.5.3. As a temporary workaround, consider disabling the switch drv remove() function until a patch is available. Restrict access to the vulnerable switch timer() and switch work handler() functions to minimize the risk of exploitation. Avoid using the psw->state variable in the affected code until the issue is resolved.