PT-2023-9704 · Linux+7 · Linux Kernel+7

Zheng Wang

Publicado

2023-09-27

Atualizado

2025-09-29

CVE-2023-52847

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free error in the bttv component of the Linux kernel, specifically due to a race condition between the bttv irq timeout timer function and the bttv remove function. The timer is set up in the probe and there is no timer delete operation in the remove function, which can cause the bttv irq timeout function to still be invoked after the btv object has been freed, leading to a use-after-free bug. This bug was found through static analysis and may be a false positive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416CWE-362

Identificadores relacionados

ALSA-2024:5101

ALSA-2024:5102

ALSA-2025_16880

BDU:2024-10206

CESA-2024_5101

CESA-2024_5102

CVE-2023-52847

INFSA-2024_5101

INFSA-2024_5102

OESA-2024-1677

OESA-2024-1678

OESA-2024-1680

OESA-2024-1682

OPENSUSE-SU-2024_2189-1

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Produtos afetados

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2023-9704 · Linux+7 · Linux Kernel+7

CVE-2023-52847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3170