CVE-2023-52445

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52445

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52445.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-52445

Downstream

BELL-CVE-2023-52445

DEBIAN-CVE-2023-52445

DLA-3840-1

DLA-3841-1

OESA-2024-1296

OESA-2024-1297

OESA-2024-1344

OESA-2024-1347

OESA-2024-1348

OESA-2024-1349

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024:9315

SUSE-SU-2024:0855-1

SUSE-SU-2024:0856-1

SUSE-SU-2024:0857-1

SUSE-SU-2024:0858-1

SUSE-SU-2024:0900-1

SUSE-SU-2024:0900-2

SUSE-SU-2024:0910-1

SUSE-SU-2024:0925-1

SUSE-SU-2024:0926-1

SUSE-SU-2024:0975-1

SUSE-SU-2024:0976-1

SUSE-SU-2024:0977-1

SUSE-SU-2024:1669-1

UBUNTU-CVE-2023-52445

USN-6688-1

USN-6725-1

USN-6725-2

USN-6726-1

USN-6726-2

USN-6726-3

USN-6739-1

USN-6740-1

USN-6818-1

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-3

USN-6819-4

Related

Published

2024-02-22T17:15:08Z

Modified

2025-08-09T20:01:28Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix use after free on context disconnection

Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree() on the context object. However, that might happen before the usb hubevent handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.

References

Affected packages