CVE-2023-53805

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the n gsm module. Specifically, the gsm->dlci pointer in the gsm cleanup mux() function is not properly cleared, leading to a dangling pointer after gsm dlci release(). This can result in a use-after-free condition when gsm->dlci[0] is accessed after being freed. The issue occurs during the execution of gsm cleanup mux(), as demonstrated in the provided call trace. The vulnerability is triggered through the gsmld ioctl() function, which is part of the tty ioctl() system call. The vulnerability is allocated by task 3501 and freed by the same task.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.