CVE-2023-52509

Source
https://cve.org/CVERecord?id=CVE-2023-52509
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52509.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52509
Published
2024-03-02T21:52:22.006Z
Modified
2026-03-14T12:16:47.202818Z
Summary
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
Details

In the Linux kernel, the following vulnerability has been resolved:

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below:

CPU0                    CPU1
                        ravb_tx_timeout()
ravb_remove()
unregister_netdev()
free_netdev(ndev)
// free priv
                        ravb_tx_timeout_work()
                        // use priv

unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52509.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c156633f1353264634135dea86ffcae74f2122fc
Fixed
65d34cfd4e347054eb4193bc95d9da7eaa72dee5
Fixed
db9aafa19547833240f58c2998aed7baf414dc82
Fixed
616761cf9df9af838c0a1a1232a69322a9eb67e6
Fixed
6f6fa8061f756aedb93af12a8a5d3cf659127965
Fixed
105abd68ad8f781985113aee2e92e0702b133705
Fixed
3971442870713de527684398416970cf025b4f89

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52509.json"