PT-2023-3345 · Linux+6 · Linux Kernel+6

Published: 2023-03-23 · Updated: 2024-10-21 · CVE-2023-35828

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.2

Description

A use-after-free issue was found in the renesas_usb3_remove() function in the drivers/usb/gadget/udc/renesas_usb3.c module of the Linux kernel's USB device driver. This issue is related to a race condition that allows for the reuse of previously freed memory, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations

For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the renesas_usb3_remove() function until a patch is available.

Fix

Race Condition

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-2038
ALT-PU-2023-4663
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-27247
BDU:2023-03501
CVE-2023-35828
DLA-3508-1
MGASA-2023-0201
MGASA-2023-0202
OESA-2023-1393
OESA-2023-1394
OESA-2023-1395
OESA-2023-1396
OESA-2023-1397
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_2892-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2820-1
SUSE-SU-2023:2831-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:2892-1
USN-6283-1
USN-6300-1
USN-6311-1
USN-6332-1
USN-6340-1
USN-6340-2
USN-6347-1
USN-6349-1
USN-6357-1
USN-6397-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu