Message-ID: <2024052111-CVE-2023-52840-8a3d@gregkh>
Date: Tue, 21 May 2024 17:32:16 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2023-52840: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

The put_device() calls rmi_release_function() which frees "fn" so the
dereference on the next line "fn->num_of_irqs" is a use after free.
Move the put_device() to the end to fix this.

The Linux kernel CVE team has assigned CVE-2023-52840 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 4.19.299 with commit 2f236d8638f5
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 5.4.261 with commit 50d122536661
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 5.10.201 with commit 6c71e065befb
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 5.15.139 with commit 303766bb92c5
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 6.1.63 with commit 7082b1fb5321
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 6.5.12 with commit cc56c4d17721
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 6.6.2 with commit c8e639f5743c
	Issue introduced in 4.18 with commit 24d28e4f1271 and fixed in 6.7 with commit eb988e46da2e

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52840
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/input/rmi4/rmi_bus.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f
	https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff
	https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5
	https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2
	https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f
	https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683
	https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585
	https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1
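
The ordering problem from the Description above, as an added userspace model in C; it is not the kernel's code and not part of the original advisory. The struct, the helper names (model_put, model_release, read_num_of_irqs, run_unregister) and the "live" flag are assumptions made for illustration; release only marks the object dead so the read after release can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model: "release" only marks the object dead, so a
 * later read is counted instead of touching freed memory. */
struct model_fn {
    int  refcount;
    bool live;          /* false once the release callback has run */
    int  num_of_irqs;   /* the field named in the advisory */
};

static int stale_reads; /* reads made after release */
/* Stand-in for rmi_release_function(), which frees "fn" in the kernel. */
static void model_release(struct model_fn *fn) { fn->live = false; }

/* Stand-in for put_device(): drop one reference, release on the last. */
static void model_put(struct model_fn *fn)
{
    if (--fn->refcount == 0)
        model_release(fn);
}

static int read_num_of_irqs(const struct model_fn *fn)
{
    if (!fn->live)
        stale_reads++;  /* this is the use after free */
    return fn->num_of_irqs;
}

/* Returns how many stale reads one unregister makes.
 * refs: references held on entry; put_last: true = fixed ordering. */
int run_unregister(int refs, bool put_last)
{
    struct model_fn fn = { .refcount = refs, .live = true, .num_of_irqs = 2 };
    stale_reads = 0;
    if (!put_last)
        model_put(&fn);             /* buggy: put before the read */
    (void)read_num_of_irqs(&fn);
    if (put_last)
        model_put(&fn);             /* fixed: put moved to the end */
    return stale_reads;
}

int main(void)
{
    printf("buggy=%d fixed=%d buggy+extra-ref=%d\n", run_unregister(1, false),
           run_unregister(1, true), run_unregister(2, false));
    return 0;
}
```

In this model the buggy ordering makes no stale read while a second reference is held, so the fault only shows when the put being made is the final one.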
