PT-2023-3343 · Linux+9 · Linux Kernel+9

Zheng Wang

·

Published

2023-04-11

·

Updated

2024-11-21

·

CVE-2023-35823

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.2
Description The issue is related to a use-after-free in the saa7134 finidev() function in the Philips SAA7134 driver, located in drivers/media/pci/saa7134/saa7134-core.c. This is due to a race condition caused by concurrent access to a resource. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the saa7134 finidev() function in the affected driver until a patch is available.

Fix

DoS

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27245
BDU:2023-03499
CESA-2023_6901
CESA-2023_7077
CVE-2023-35823
DLA-3508-1
DLA-3623-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1393
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OESA-2023-1397
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2024:0575
SUSE-SU-2023:2782-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
USN-6283-1
USN-6300-1
USN-6311-1
USN-6332-1
USN-6340-1
USN-6340-2
USN-6347-1
USN-6349-1
USN-6357-1
USN-6397-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu