In the Linux kernel, the following vulnerability has been resolved:
ravb: Fix use-after-free issue in ravbtxtimeout_work()
The ravbstop() should call cancelworksync(). Otherwise, ravbtxtimeoutwork() is possible to use the freed priv after ravb_remove() was called like below:
CPU0 CPU1 ravbtxtimeout() ravbremove() unregisternetdev() freenetdev(ndev) // free priv ravbtxtimeoutwork() // use priv
unregisternetdev() will call .ndostop() so that ravbstop() is called. And, after phystop() is called, netifcarrieroff() is also called. So that .ndotxtimeout() will not be called after phy_stop().
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65d34cfd4e347054eb4193bc95d9da7eaa72dee5", "deprecated": false, "id": "CVE-2023-52509-06358842", "signature_type": "Function", "digest": { "length": 1179.0, "function_hash": "267429952929452221499260714351809900565" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3971442870713de527684398416970cf025b4f89", "deprecated": false, "id": "CVE-2023-52509-1b6dd80c", "signature_type": "Function", "digest": { "length": 1386.0, "function_hash": "314497347598716459385413447092573684919" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6f6fa8061f756aedb93af12a8a5d3cf659127965", "deprecated": false, "id": "CVE-2023-52509-2a0c2eed", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192622537956174198895912207885388974378", "281202472840299179838140318893761127118", "28054573198020143408268069235294051350" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db9aafa19547833240f58c2998aed7baf414dc82", "deprecated": false, "id": "CVE-2023-52509-2cb0b116", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "103241302355853749554193427905382496578", "114933803743147817557847343531878802466", "67525458867684258542947915810266032032" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@105abd68ad8f781985113aee2e92e0702b133705", "deprecated": false, "id": "CVE-2023-52509-4323c5c0", "signature_type": "Function", "digest": { "length": 1386.0, "function_hash": "314497347598716459385413447092573684919" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@616761cf9df9af838c0a1a1232a69322a9eb67e6", "deprecated": false, "id": "CVE-2023-52509-74025cbe", "signature_type": "Function", "digest": { "length": 1186.0, "function_hash": "182521560766346493958268337096171928460" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db9aafa19547833240f58c2998aed7baf414dc82", "deprecated": false, "id": "CVE-2023-52509-97947f74", "signature_type": "Function", "digest": { "length": 1179.0, "function_hash": "267429952929452221499260714351809900565" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@616761cf9df9af838c0a1a1232a69322a9eb67e6", "deprecated": false, "id": "CVE-2023-52509-9915a586", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192622537956174198895912207885388974378", "281202472840299179838140318893761127118", "28054573198020143408268069235294051350" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3971442870713de527684398416970cf025b4f89", "deprecated": false, "id": "CVE-2023-52509-c8e354b7", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192622537956174198895912207885388974378", "281202472840299179838140318893761127118", "28054573198020143408268069235294051350" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65d34cfd4e347054eb4193bc95d9da7eaa72dee5", "deprecated": false, "id": "CVE-2023-52509-de0e874d", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "103241302355853749554193427905382496578", "114933803743147817557847343531878802466", "67525458867684258542947915810266032032" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6f6fa8061f756aedb93af12a8a5d3cf659127965", "deprecated": false, "id": "CVE-2023-52509-f5b8fc73", "signature_type": "Function", "digest": { "length": 1386.0, "function_hash": "314497347598716459385413447092573684919" }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c", "function": "ravb_close" } }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@105abd68ad8f781985113aee2e92e0702b133705", "deprecated": false, "id": "CVE-2023-52509-ff7b2594", "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "192622537956174198895912207885388974378", "281202472840299179838140318893761127118", "28054573198020143408268069235294051350" ] }, "target": { "file": "drivers/net/ethernet/renesas/ravb_main.c" } } ] }