CVE-2023-54310

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the mptlan driver within the Linux kernel. This flaw occurs in the mptlan remove() function due to a race condition. Specifically, the mptlan probe() function initializes a workqueue, and mpt lan wake post buckets task() starts the work. During driver unloading, a race condition can occur where the device's memory is freed while the workqueue is still accessing it, leading to a use-after-free condition. The issue is triggered when mptlan remove() calls free netdev() which then frees the device memory. The workqueue then attempts to access the freed memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.