PT-2023-2325 · Linux+5 · Linux Kernel+5

Zheng Wang

·

Published

2023-03-12

·

Updated

2024-11-21

·

CVE-2023-30772

CVSS v3.1

6.4

Medium

VectorAV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.9
Description The issue is related to a race condition and resultant use-after-free in the drivers/power/supply/da9150-charger.c driver of the Linux kernel. This occurs when a physically proximate attacker unplugs a device, potentially leading to a denial of service. The vulnerability is associated with the da9150 charger remove() function and the use of shared resources.
Recommendations For Linux kernel versions prior to 6.2.9, update to version 6.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the da9150-charger.c driver to minimize the risk of exploitation.

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALT-PU-2023-1542
ALT-PU-2023-1650
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26308
BDU:2023-02090
CVE-2023-30772
DLA-3403-1
MGASA-2023-0148
MGASA-2023-0149
OESA-2023-1265
OESA-2023-1266
OESA-2023-1267
OESA-2023-1268
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2871-1
SUSE-SU-2023:2140-1
SUSE-SU-2023:2141-1
SUSE-SU-2023:2146-1
SUSE-SU-2023:2147-1
SUSE-SU-2023:2148-1
SUSE-SU-2023:2151-1
SUSE-SU-2023:2156-1
SUSE-SU-2023:2162-1
SUSE-SU-2023:2163-1
SUSE-SU-2023:2231-1
SUSE-SU-2023:2232-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2871-1
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu