CVE-2023-52629

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52629

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52629.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-52629

Downstream

BELL-CVE-2023-52629

DEBIAN-CVE-2023-52629

ECHO-59b9-a855-fb02

OESA-2024-1617

OESA-2024-1618

OESA-2024-1647

OESA-2024-1648

OESA-2024-1649

OESA-2024-1650

UBUNTU-CVE-2023-52629

USN-6972-1

USN-6972-2

USN-6972-3

USN-6972-4

USN-6973-1

USN-6973-2

USN-6973-3

USN-6973-4

USN-6974-1

USN-6974-2

USN-6976-1

USN-7006-1

USN-7019-1

Published

2024-03-29T10:15:09Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

The original code puts flushwork() before timershutdownsync() in switchdrvremove(). Although we use flushwork() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below:

  (cpu 0)                    |      (cpu 1)

switchdrvremove() | flushwork() | ... | switchtimer // timer | schedulework(&psw->work) timershutdownsync() | ... | switchwork_handler // worker kfree(psw) // free | | psw->state = 0 // use

This patch puts timershutdownsync() before flush_work() to mitigate the bugs. As a result, the worker and timer will be stopped safely before the deallocate operations.

References

Affected packages