CVE-2023-52445

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52445
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52445.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52445
Downstream
Related
Published
2024-02-22T16:21:37.784Z
Modified
2026-05-15T11:53:48.133359886Z
Summary
media: pvrusb2: fix use after free on context disconnection
Details

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix use after free on context disconnection

Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree() on the context object. However, that might happen before the usb hubevent handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52445.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.26
Fixed
4.19.306
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.268
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.209
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.148
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.75
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.14
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52445.json"