CVE-2023-52754

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the imon driver in the Linux kernel, which probes two USB interfaces. At the probe of the second interface, the driver assumes the first interface is bound with the same imon driver, which may not always be true, especially if the first interface is bound with another driver via a malformed descriptor. This can lead to memory corruption, as the imon driver accesses data from drvdata as a struct imon context object, which may be a completely different one assigned by another driver. A patch adds a sanity check to avoid this problem by verifying whether the first interface is really bound with the imon driver.

Recommendations To resolve the issue, apply the patch that adds a sanity check to verify whether the first interface is bound with the imon driver. This patch is described as "media: imon: fix access to invalid resource for the second interface" and is intended to prevent memory corruption by ensuring the imon driver only accesses data from the correct interface.