In the Linux kernel, the following vulnerability has been resolved:
Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction()
The putdevice() calls rmireleasefunction() which frees "fn" so the dereference on the next line "fn->numofirqs" is a use after free. Move the putdevice() to the end to fix this.
{ "vanir_signatures": [ { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc56c4d17721dcb10ad4e9c9266e449be1462683", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-09eddc0d" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c71e065befb2fae8f1461559b940c04e1071bd5", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-395591f4" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@303766bb92c5c225cf40f9bbbe7e29749406e2f2", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-44227e83" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c8e639f5743cf4b01f8c65e0df075fe4d782b585", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-55b1a6b1" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50d12253666195a14c6cd2b81c376e2dbeedbdff", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-5faa7cf8" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f236d8638f5b43e0c72919a6a27fe286c32053f", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-778a8cbf" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb988e46da2e4eae89f5337e047ce372fe33d5b1", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-7c8fcd74" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-8b6c95c6" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-a069a496" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c71e065befb2fae8f1461559b940c04e1071bd5", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-aab97f74" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb988e46da2e4eae89f5337e047ce372fe33d5b1", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-ae72b349" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2f236d8638f5b43e0c72919a6a27fe286c32053f", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-b33d5892" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c8e639f5743cf4b01f8c65e0df075fe4d782b585", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-c7548486" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@303766bb92c5c225cf40f9bbbe7e29749406e2f2", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-d513254f" }, { "digest": { "length": 342.0, "function_hash": "272890153754048379316104701555899070441" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50d12253666195a14c6cd2b81c376e2dbeedbdff", "signature_type": "Function", "target": { "function": "rmi_unregister_function", "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-d7f1f50a" }, { "digest": { "line_hashes": [ "287963004255749058524495008053683094215", "46817379458443601714585986017403497650", "325502471223118149687231163009465900366", "287616710378547861976864430569432356450", "159848072451763308198701145535963151421", "245982670226936608868655904097605834572" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc56c4d17721dcb10ad4e9c9266e449be1462683", "signature_type": "Line", "target": { "file": "drivers/input/rmi4/rmi_bus.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-52840-dc199f32" } ] }