{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53219", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T14:19:21.845Z", "datePublished": "2025-09-15T14:21:47.459Z", "dateUpdated": "2025-09-15T14:21:47.459Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-15T14:21:47.459Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: netup_unidvb: fix use-after-free at del_timer()\n\nWhen Universal DVB card is detaching, netup_unidvb_dma_fini()\nuses del_timer() to stop dma->timeout timer. But when timer\nhandler netup_unidvb_dma_timeout() is running, del_timer()\ncould not stop it. As a result, the use-after-free bug could\nhappen. The process is shown below:\n\n (cleanup routine) | (timer routine)\n | mod_timer(&dev->tx_sim_timer, ..)\nnetup_unidvb_finidev() | (wait a time)\n netup_unidvb_dma_fini() | netup_unidvb_dma_timeout()\n del_timer(&dma->timeout); |\n | ndev->pci_dev->dev //USE\n\nFix by changing del_timer() to del_timer_sync()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/netup_unidvb/netup_unidvb_core.c"], "versions": [{"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "dd5c77814f290b353917df329f36de1472d47154", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "90229e9ee957d4514425e4a4d82c50ab5d57ac4d", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "1550bcf2983ae1220cc8ab899a39a423fa7cb523", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "f9982db735a8495eee14267cf193c806b957e942", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "07821524f67bf920342bc84ae8b3dea2a315a89e", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc", "status": "affected", "versionType": "git"}, {"version": "52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e", "lessThan": "0f5bb36bf9b39a2a96e730bf4455095b50713f63", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/pci/netup_unidvb/netup_unidvb_core.c"], "versions": [{"version": "4.3", "status": "affected"}, {"version": "0", "lessThan": "4.3", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.316", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.284", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.244", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.181", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.113", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.30", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.4", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.14.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "4.19.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.4.244"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.10.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "5.15.113"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.1.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.3", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dd5c77814f290b353917df329f36de1472d47154"}, {"url": "https://git.kernel.org/stable/c/90229e9ee957d4514425e4a4d82c50ab5d57ac4d"}, {"url": "https://git.kernel.org/stable/c/1550bcf2983ae1220cc8ab899a39a423fa7cb523"}, {"url": "https://git.kernel.org/stable/c/f9982db735a8495eee14267cf193c806b957e942"}, {"url": "https://git.kernel.org/stable/c/051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3"}, {"url": "https://git.kernel.org/stable/c/07821524f67bf920342bc84ae8b3dea2a315a89e"}, {"url": "https://git.kernel.org/stable/c/c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc"}, {"url": "https://git.kernel.org/stable/c/0f5bb36bf9b39a2a96e730bf4455095b50713f63"}], "title": "media: netup_unidvb: fix use-after-free at del_timer()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: netup_unidvb: fix use-after-free at del_timer()\n\nWhen Universal DVB card is detaching, netup_unidvb_dma_fini()\nuses del_timer() to stop dma->timeout timer. But when timer\nhandler netup_unidvb_dma_timeout() is running, del_timer()\ncould not stop it. As a result, the use-after-free bug could\nhappen. The process is shown below:\n\n (cleanup routine) | (timer routine)\n | mod_timer(&dev->tx_sim_timer, ..)\nnetup_unidvb_finidev() | (wait a time)\n netup_unidvb_dma_fini() | netup_unidvb_dma_timeout()\n del_timer(&dma->timeout); |\n | ndev->pci_dev->dev //USE\n\nFix by changing del_timer() to del_timer_sync()."}], "id": "CVE-2023-53219", "lastModified": "2025-09-15T15:22:27.090", "metrics": {}, "published": "2025-09-15T15:15:48.623", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/07821524f67bf920342bc84ae8b3dea2a315a89e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f5bb36bf9b39a2a96e730bf4455095b50713f63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1550bcf2983ae1220cc8ab899a39a423fa7cb523"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/90229e9ee957d4514425e4a4d82c50ab5d57ac4d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dd5c77814f290b353917df329f36de1472d47154"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f9982db735a8495eee14267cf193c806b957e942"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}