PT-2023-3346 · Linux+3 · Linux Kernel+3

Zheng Wang

Published

2023-04-10

Updated

2024-04-15

CVE-2023-35826

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.2

Description The issue is related to a use-after-free vulnerability in the cedrus remove() function in the drivers/staging/media/sunxi/cedrus/cedrus.c module of the Linux kernel. This vulnerability is caused by a race condition due to concurrent access to a resource, allowing an attacker to potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 6.3.2, update to version 6.3.2 or later to resolve the issue. As a temporary workaround, consider disabling the cedrus remove() function until a patch is available. Restrict access to the vulnerable module drivers/staging/media/sunxi/cedrus/cedrus.c to minimize the risk of exploitation.

Fix

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALT-PU-2023-1878

ALT-PU-2023-1881

ALT-PU-2023-4663

ALT-PU-2024-4263

ALT-PU-2024-4843

AZL-27243

AZL-27331

BDU:2023-03502

CVE-2023-35826

USN-6283-1

Affected Products

Alt Linux

Linux Kernel

Red Os

Ubuntu

PT-2023-3346 · Linux+3 · Linux Kernel+3

CVE-2023-35826

Weakness Enumeration

Related Identifiers

Affected Products

References · 31