In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix duplicated list deletion
The list deletion call dropped here is already called from the helper function in the line before. Having a second listdel() call results in either a warning (with CONFIGDEBUG_LIST=y):
listdel corruption, c46c8198->next is LISTPOISON1 (00000100)
If CONFIGDEBUGLIST is disabled the operation results in a kernel error due to NULL pointer dereference.
{ "vanir_signatures": [ { "digest": { "length": 673.0, "function_hash": "312727021452839136689790239100327315326" }, "id": "CVE-2023-52459-0adb2fcc", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "function": "v4l2_async_unregister_subdev", "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2" }, { "digest": { "line_hashes": [ "144818502249641348033395686373518946323", "235509503961851575746878392358304277558", "318888434849942791287399737870775019716", "215832408338834780656025404117335188470" ], "threshold": 0.9 }, "id": "CVE-2023-52459-0d4e6b83", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7062628caeaec90e8f691ebab2d70f31b7b6b91" }, { "digest": { "line_hashes": [ "144818502249641348033395686373518946323", "235509503961851575746878392358304277558", "318888434849942791287399737870775019716", "215832408338834780656025404117335188470" ], "threshold": 0.9 }, "id": "CVE-2023-52459-593d2b21", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2" }, { "digest": { "length": 673.0, "function_hash": "312727021452839136689790239100327315326" }, "id": "CVE-2023-52459-8b6c03a9", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "function": "v4l2_async_unregister_subdev", "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7062628caeaec90e8f691ebab2d70f31b7b6b91" }, { "digest": { "line_hashes": [ "144818502249641348033395686373518946323", "235509503961851575746878392358304277558", "318888434849942791287399737870775019716", "215832408338834780656025404117335188470" ], "threshold": 0.9 }, "id": "CVE-2023-52459-bf2079c4", "signature_version": "v1", "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@49d82811428469566667f22749610b8c132cdb3e" }, { "digest": { "length": 673.0, "function_hash": "312727021452839136689790239100327315326" }, "id": "CVE-2023-52459-c73b4b2b", "signature_version": "v1", "deprecated": false, "signature_type": "Function", "target": { "function": "v4l2_async_unregister_subdev", "file": "drivers/media/v4l2-core/v4l2-async.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@49d82811428469566667f22749610b8c132cdb3e" } ] }