PT-2023-8761 · Linux+10 · Linux Kernel+10
Syzbot
·
Published
2023-11-23
·
Updated
2025-09-29
·
CVE-2023-52445
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the pvrusb2 module. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when a kthread is created targeting the
pvr2 context thread func function, which may call pvr2 context destroy and thus call kfree() on the context object. However, this might happen before the usb hub event handler is able to notify the driver, leading to a potential use-after-free scenario. A patch has been added to include a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu