CVE-2023-53003
HIGH
Linux Kernel 4.20-5.4.230 - Use-After-Free in EDAC/qcom Driver
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved:

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data, leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
13.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (14)
Linux/Linux
< 4.20
Linux/Linux
27450653f1db0b9d5b5048a246c850c52ee4aa61 - 66e10d5f399629ef7877304d9ba2b35d0474e7eb
Linux/Linux
27450653f1db0b9d5b5048a246c850c52ee4aa61 - 6f0351d0c311951b8b3064db91e61841e85b2b96
Linux/Linux
27450653f1db0b9d5b5048a246c850c52ee4aa61 - 76d9ebb7f0bc10fbc78b6d576751552edf743968
Linux/Linux
27450653f1db0b9d5b5048a246c850c52ee4aa61 - 977c6ba624f24ae20cf0faee871257a39348d4a9
Linux/Linux
27450653f1db0b9d5b5048a246c850c52ee4aa61 - bff5243bd32661cf9ce66f6d9210fc8f89bda145
Linux/Linux
4.20
Linux/Linux
5.10.166 - 5.10.*
Linux/Linux
5.15.91 - 5.15.*
Linux/Linux
5.4.231 - 5.4.*
... and 4 more
Published
Mar 27, 2025
Tracked Since
Feb 18, 2026