CVE-2023-52457
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52457
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52457.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52457
- Related
- Published
- 2024-02-23T15:15:08Z
- Modified
- 2024-09-18T03:24:29.883367Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: omap: Don't skip resource freeing if pmruntimeresumeandget() failed
Returning an error code from .remove() makes the driver core emit the little helpful error message:
remove callback returned a non-zero value. This will be ignored.and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250unregisterport() has the potential to keep enough of the UART around to trigger a use-after-free.
So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup.
- References
-
- https://git.kernel.org/stable/c/828cd829483f0cda920710997aed79130b0af690
- https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b
- https://git.kernel.org/stable/c/95e4e0031effad9837af557ecbfd4294a4d8aeee
- https://git.kernel.org/stable/c/ad90d0358bd3b4554f243a425168fc7cebe7d04e
- https://git.kernel.org/stable/c/b502fb43f7fb55aaf07f6092ab44657595214b93
- https://git.kernel.org/stable/c/bc57f3ef8a9eb0180606696f586a6dcfaa175ed0
- https://git.kernel.org/stable/c/d74173bda29aba58f822175d983d07c8ed335494
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://security-tracker.debian.org/tracker/CVE-2023-52457
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.209-1
Affected versions
5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
5.10.197-1
5.10.205-1
5.10.205-2
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.76-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.6.15-1
Affected versions
6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1