{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52445", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.291Z", "datePublished": "2024-02-22T16:21:37.784Z", "dateUpdated": "2024-09-11T17:33:51.682Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:49:33.356Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/pvrusb2/pvrusb2-context.c"], "versions": [{"version": "e5be15c63804", "lessThan": "ec36c134dd02", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "47aa8fcd5e8b", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "3233d8bf7893", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "ec3634ebe23f", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "30773ea47d41", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "2cf0005d3155", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "437b5f57732b", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "ded85b0c0edd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/pvrusb2/pvrusb2-context.c"], "versions": [{"version": "2.6.26", "status": "affected"}, {"version": "0", "lessThan": "2.6.26", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.306", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.268", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"}, {"url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"}, {"url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"}, {"url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"}, {"url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"}, {"url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"}, {"url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"}, {"url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "media: pvrusb2: fix use after free on context disconnection", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.783Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52445", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:46.257371Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:51.682Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-52445", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.291Z", "datePublished": "2024-02-22T16:21:37.784Z", "dateUpdated": "2024-08-02T22:55:41.783Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-28T19:49:33.356Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/pvrusb2/pvrusb2-context.c"], "versions": [{"version": "e5be15c63804", "lessThan": "ec36c134dd02", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "47aa8fcd5e8b", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "3233d8bf7893", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "ec3634ebe23f", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "30773ea47d41", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "2cf0005d3155", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "437b5f57732b", "status": "affected", "versionType": "git"}, {"version": "e5be15c63804", "lessThan": "ded85b0c0edd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/pvrusb2/pvrusb2-context.c"], "versions": [{"version": "2.6.26", "status": "affected"}, {"version": "0", "lessThan": "2.6.26", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.306", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.268", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.209", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"}, {"url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"}, {"url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"}, {"url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"}, {"url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"}, {"url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"}, {"url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"}, {"url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "media: pvrusb2: fix use after free on context disconnection", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52445", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:46.257371Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:19.259Z"}, "title": "CISA ADP Vulnrichment"}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A7AEFD0-0681-4E8D-9074-27416D3EE94C", "versionEndExcluding": "4.19.306", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F", "versionEndExcluding": "5.4.268", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5", "versionEndExcluding": "5.10.209", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B", "versionEndExcluding": "5.15.148", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9", "versionEndExcluding": "6.1.75", "versionStartIncluding": "5.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9", "versionEndExcluding": "6.6.14", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807", "versionEndExcluding": "6.7.2", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: pvrusb2: corrige el use after free de desconexi\u00f3n de contexto. Al cargar el m\u00f3dulo, se crea un kthread dirigido a la funci\u00f3n pvr2_context_thread_func, que puede llamar a pvr2_context_destroy y, por lo tanto, llamar a kfree() en el objeto de contexto. Sin embargo, eso podr\u00eda suceder antes de que el controlador usb hub_event pueda notificar al controlador. Este parche agrega una verificaci\u00f3n de cordura antes de la lectura no v\u00e1lida reportada por syzbot, dentro de la pila de llamadas de desconexi\u00f3n de contexto."}], "id": "CVE-2023-52445", "lastModified": "2024-06-27T12:15:14.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-22T17:15:08.477", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}], "bugzilla": {"description": "kernel: pvrusb2: fix use after free on context disconnection", "id": "2265654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265654"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: pvrusb2: fix use after free on context disconnection\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available for this vulnerability. Make sure to perform the updates as they become available."}, "name": "CVE-2023-52445", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52445\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52445\nhttps://lore.kernel.org/linux-cve-announce/2024022253-CVE-2023-52445-07a6@gregkh/T/#u"], "threat_severity": "Low"}