CVE-2023-52457

Published Feb 23, 2024

Last updated 6 months ago

CVSS high 7.8

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC047956-45DC-4BAB-85FD-030B6A3099E6",
            "versionEndExcluding": "5.4.268",
            "versionStartIncluding": "5.4.225"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1E2138B-797C-4020-BF46-CA24B8E1AEA9",
            "versionEndExcluding": "5.10.209",
            "versionStartIncluding": "5.10.156"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896A2B67-F32A-4E2A-B9F9-FF76186EF44B",
            "versionEndExcluding": "5.15.148",
            "versionStartIncluding": "5.15.80"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F456658-DE6E-4F73-979D-3E6A82AB47C6",
            "versionEndExcluding": "6.1.75",
            "versionStartIncluding": "6.0.10"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14",
            "versionEndExcluding": "6.6.14",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E",
            "versionEndExcluding": "6.7.2",
            "versionStartIncluding": "6.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References