CVE-2023-53003

Source
https://cve.org/CVERecord?id=CVE-2023-53003
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53003.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53003
Downstream
Published
2025-03-27T16:43:35.155Z
Modified
2026-04-02T09:43:32.573733Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data, leading to the use-after-free bug.

Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53003.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
27450653f1db0b9d5b5048a246c850c52ee4aa61
Fixed
66e10d5f399629ef7877304d9ba2b35d0474e7eb
Fixed
76d9ebb7f0bc10fbc78b6d576751552edf743968
Fixed
bff5243bd32661cf9ce66f6d9210fc8f89bda145
Fixed
6f0351d0c311951b8b3064db91e61841e85b2b96
Fixed
977c6ba624f24ae20cf0faee871257a39348d4a9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53003.json"