PT-2023-9716 · Linux+7 · Linux Kernel+7

Dan Carpenter

·

Publicado

2023-10-28

·

Atualizado

2025-09-29

·

CVE-2023-52840

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use after free in the rmi unregister function() function. The put device() call frees the fn variable, and the subsequent dereference of fn->num of irqs is a use after free. This can be exploited to potentially elevate privileges in the system. The fix involves moving the put device() call to the end.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-10254
CESA-2024_7000
CESA-2024_7001
CVE-2023-52840
INFSA-2024_7000
INFSA-2024_7001
INFSA-2024_9315
OESA-2024-1677
OESA-2024-1678
OESA-2024-1680
OESA-2024-1682
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024:9315
RHSA-2024_7000
RHSA-2024_7001
RHSA-2024_9315
RHSA-2025:8248
RLSA-2024:7001
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1

Produtos afetados

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse