In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed
Returning an error code from .remove() makes the driver core emit the
little helpful error message:
remove callback returned a non-zero value. This will be ignored.
and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.
So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-02-23T14:46:19.772Z
Updated: 2024-09-11T17:33:47.687Z
Reserved: 2024-02-20T12:30:33.294Z
Link: CVE-2023-52457
Vulnrichment
Updated: 2024-09-11T12:42:18.763Z
NVD
Status : Analyzed
Published: 2024-02-23T15:15:08.290
Modified: 2024-08-27T15:26:27.347
Link: CVE-2023-52457
Redhat
No data.