CVE-2023-53219

HIGH

Linux Kernel 4.3-4.14.315 - Use-After-Free in netup_unidvb DMA Timer Handling

Description

In the Linux kernel, the following vulnerability has been resolved:

media: netup_unidvb: fix use-after-free at del_timer()

When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma->timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop it. As a result, the use-after-free bug could happen. The process is shown below:

        (cleanup routine)          |        (timer routine)
                                   | mod_timer(&dev->tx_sim_timer, ..)
    netup_unidvb_finidev()         | (wait a time)
      netup_unidvb_dma_fini()      | netup_unidvb_dma_timeout()
        del_timer(&dma->timeout);  |
                                   |   ndev->pci_dev->dev //USE

Fix by changing del_timer() to del_timer_sync().

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (20)
Linux/Linux < 4.3
Linux/Linux 4.14.316 - 4.14.*
Linux/Linux 4.19.284 - 4.19.*
Linux/Linux 4.3
Linux/Linux 5.10.181 - 5.10.*
Linux/Linux 5.15.113 - 5.15.*
Linux/Linux 5.4.244 - 5.4.*
Linux/Linux 52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e - 051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3
Linux/Linux 52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e - 07821524f67bf920342bc84ae8b3dea2a315a89e
Linux/Linux 52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e - 0f5bb36bf9b39a2a96e730bf4455095b50713f63
... and 10 more
Published Sep 15, 2025
Tracked Since Feb 18, 2026