In the Linux kernel, the following vulnerability has been resolved:
fbdev: Fix invalid page access after closing deferred I/O devices
When a fbdev with deferred I/O is once opened and closed, the dirty
pages still remain queued in the pageref list, and eventually later
those may be processed in the delayed work. This may lead to a
corruption of pages, hitting an Oops.
This patch makes sure to cancel the delayed work and clean up the
pageref list at closing the device for addressing the bug. A part of
the cleanup code is factored out as a new helper function that is
called from the common fb_release().
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-05-21T15:22:57.282Z
Updated: 2024-11-04T14:51:37.911Z
Reserved: 2024-05-21T15:19:24.232Z
Link: CVE-2023-52731
Vulnrichment
Updated: 2024-08-02T23:11:35.499Z
NVD
Status : Awaiting Analysis
Published: 2024-05-21T16:15:13.237
Modified: 2024-05-21T16:53:56.550
Link: CVE-2023-52731
Redhat