PT-2023-9430 · Linux+4 · Linux Kernel+4

Publicado

2023-01-09

Atualizado

2025-09-29

CVE-2023-52907

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the Linux kernel's NFC component, specifically in the pn533 module. This occurs when the in urb sent from pn533 usb send frame() is completed earlier than out urb, and its callback frees the skb data used as a transfer buffer for out urb. To fix this, the kernel now waits for the completion of out urb before sending in urb. The vulnerability was found by a modified version of syzkaller. Technical details include the involvement of pn533 send async complete() and the need to separate the complete function of out urb and ack urb.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2023-8447

BDU:2024-07454

CVE-2023-52907

OESA-2024-2122

OESA-2024-2123

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Produtos afetados

Alt Linux

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9430 · Linux+4 · Linux Kernel+4

CVE-2023-52907

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 775