AZL-78377

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78377.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78377

Upstream

CVE-2023-54207

Published

2025-12-30T13:16:08Z

Modified

2026-04-01T05:23:14.203307Z

Summary

CVE-2023-54207 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: uclogic: Correct devm device reference for hidinput input_dev name

Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free when the input_dev was unregistered and subsequently fires a uevent that depends on the name. At the point of firing the uevent, the name would be freed by devres management.

Use devmkasprintf to simplify the logic for allocating memory and formatting the inputdev name string.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-54207

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78377.json"