CVE-2023-52509
Published: Mar 2, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c156633f1353264634135dea86ffcae74f2122fc - < 65d34cfd4e347054eb4193bc95d9da7eaa72dee5affected c156633f1353264634135dea86ffcae74f2122fc - < db9aafa19547833240f58c2998aed7baf414dc82affected c156633f1353264634135dea86ffcae74f2122fc - < 616761cf9df9af838c0a1a1232a69322a9eb67e6affected c156633f1353264634135dea86ffcae74f2122fc - < 6f6fa8061f756aedb93af12a8a5d3cf659127965affected c156633f1353264634135dea86ffcae74f2122fc - < 105abd68ad8f781985113aee2e92e0702b133705+1 more versions |
Linux | Linux | affected 4.2unaffected 0 - < 4.2unaffected 5.4.259 - <= 5.4.*unaffected 5.10.199 - <= 5.10.*unaffected 5.15.136 - <= 5.15.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now