CVE-2023-52457

HIGH

Linux Kernel 5.4.225-5.4.267 - Use-After-Free in 8250 UART Driver

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup.

References (8)

Core 8

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (22)
Linux/Linux < 6.1
Linux/Linux 02eed6390dbe61115f3e3f63829c95c611aee67b
Linux/Linux 2d66412563ef8953e2bac2d98d2d832b3f3f49cd - b502fb43f7fb55aaf07f6092ab44657595214b93
Linux/Linux 5.10.156 - 5.10.209
Linux/Linux 5.10.209 - 5.10.*
Linux/Linux 5.15.148 - 5.15.*
Linux/Linux 5.15.80 - 5.15.148
Linux/Linux 5.4.225 - 5.4.268
Linux/Linux 5.4.268 - 5.4.*
Linux/Linux 6.0.10 - 6.1
... and 12 more
Published Feb 23, 2024
Tracked Since Feb 18, 2026