CVE-2023-52509

HIGH

Linux Kernel 4.2-5.4.258 - Use-After-Free in ravb_tx_timeout_work

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5

Patch

https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82

Patch

https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6

Patch

https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965

Patch

https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705

Patch

https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 15.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (16)

Linux/Linux < 4.2

Linux/Linux 4.2

Linux/Linux 5.10.199 - 5.10.*

Linux/Linux 5.15.136 - 5.15.*

Linux/Linux 5.4.259 - 5.4.*

Linux/Linux 6.1.59 - 6.1.*

Linux/Linux 6.5.8 - 6.5.*

Linux/Linux 6.6

Linux/Linux c156633f1353264634135dea86ffcae74f2122fc - 105abd68ad8f781985113aee2e92e0702b133705

Linux/Linux c156633f1353264634135dea86ffcae74f2122fc - 3971442870713de527684398416970cf025b4f89

... and 6 more

Published Mar 02, 2024

Tracked Since Feb 18, 2026