CVE-2023-53515

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the lifecycle management of vm dev within the virtio-mmio subsystem. Specifically, using devres for allocating the vm dev structure breaks its intended lifecycle protection. This results in premature memory freeing when the platform device is removed, leading to a use-after-free condition when the vm dev release callback is eventually invoked. The issue arises because vm dev has a separate lifecycle due to the embedded 'struct device', and devres bypasses the expected release callback sequence. The fix involves avoiding the use of devres in this specific case.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.