CVE-2023-53638

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue in the octep probe function. If the function fails to retrieve a device's MAC address, it exits while leaving a delayed work item, intr poll task, queued. When this work item later executes, it results in a use-after-free condition. The issue is addressed by moving the cancellation of intr poll task from octep remove to octep device cleanup, ensuring cancellation occurs in the probe error path as well. The cancellation of ctrl mbox task must follow intr poll task’s cancellation because ctrl mbox task may be queued by intr poll task.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.