CVE-2023-53235

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free (UAF) vulnerability exists in the Linux kernel's drm/tests module. Specifically, when using the drm kunit helper alloc drm device() function, the driver may be dereferenced after it has been freed by kunit-managed resources. This occurs because the device-managed resource cleanup calls drm dev put(), which then dereferences the already freed driver, leading to a UAF condition. The sequence involves allocating a struct device and a DRM driver as kunit-managed resources, and a DRM device as a device-managed resource. Upon cleanup, the kunit resource cleanup frees the DRM driver, and the device-managed cleanup attempts to access the freed driver.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.