PT-2023-9430 · Linux+4 · Linux Kernel+4

Published

2023-01-09

Updated

2025-09-29

CVE-2023-52907

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the Linux kernel's NFC component, specifically in the pn533 module. This occurs when the in urb sent from pn533 usb send frame() is completed earlier than out urb, and its callback frees the skb data used as a transfer buffer for out urb. To fix this, the kernel now waits for the completion of out urb before sending in urb. The vulnerability was found by a modified version of syzkaller. Technical details include the involvement of pn533 send async complete() and the need to separate the complete function of out urb and ack urb.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-8447

BDU:2024-07454

CVE-2023-52907

OESA-2024-2122

OESA-2024-2123

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9430 · Linux+4 · Linux Kernel+4

CVE-2023-52907

Weakness Enumeration

Related Identifiers

Affected Products

References · 775