CVE-2023-52847

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52847
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52847.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52847
Downstream
Related
Published
2024-05-21T16:15:21Z
Modified
2025-08-09T20:01:28Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

media: bttv: fix use after free error due to btv->timeout timer

There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove function. When it hit kfree btv, the function might still be invoked, which will cause use after free bug.

This bug is found by static analysis, it may be false positive.

Fix it by adding deltimersync invoking to the remove function.

cpu0 cpu1 bttvprobe ->timersetup ->bttvsetdma ->modtimer; bttvremove ->kfree(btv); ->bttvirqtimeout ->USE btv

References

Affected packages