CVE-2023-52475
Published: Feb 29, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug.

Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8677575c4f39d65bf0d719b5d20e8042e550ccb9; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 67cace72606baf1758fd60feb358f4c6be92e1cc; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 5aa514100aaf59868d745196258269a16737c7bd; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < cd2fbfd8b922b7fdd50732e47d797754ab59cb06; affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 6a4a396386404e62fb59bc3bde48871a64a82b4f; +3 more versions |
| Linux | Linux | affected 2.6.12; unaffected 0 - < 2.6.12; unaffected 4.14.328 - <= 4.14.*; unaffected 4.19.297 - <= 4.19.*; unaffected 5.4.259 - <= 5.4.*; +5 more versions |