PT-2023-3344 · Linux+9 · Linux Kernel+9

Zheng Wang

·

Published

2023-04-11

·

Updated

2024-11-21

·

CVE-2023-35824

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.2
Description A use-after-free issue was found in the dm1105 remove() function in the drivers/media/pci/dm1105/dm1105.c module of the Linux kernel. This issue is related to a race condition that allows for the reuse of previously freed memory due to concurrent access to a resource. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the dm1105 remove() function until a patch is available. Restrict access to the vulnerable module drivers/media/pci/dm1105/dm1105.c to minimize the risk of exploitation.

Fix

DoS

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2023:7077
ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27242
BDU:2023-03500
CESA-2023_6901
CESA-2023_7077
CVE-2023-35824
DLA-3508-1
DLA-3623-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1379
OESA-2023-1380
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OPENSUSE-SU-2023_2859-1
RHSA-2023:6901
RHSA-2023:7077
RHSA-2023_6901
RHSA-2023_7077
RHSA-2024:0412
RHSA-2024:0575
SUSE-SU-2023:2804-1
SUSE-SU-2023:2805-1
SUSE-SU-2023:2808-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2822-1
SUSE-SU-2023:2830-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:3333-1
USN-6283-1
USN-6300-1
USN-6311-1
USN-6332-1
USN-6340-1
USN-6340-2
USN-6347-1
USN-6349-1
USN-6357-1
USN-6397-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu