CVE-2023-52847

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52847
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52847.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52847
Downstream
Related
Published
2024-05-21T15:31:44.513Z
Modified
2026-03-20T12:32:50.123523Z
Summary
media: bttv: fix use after free error due to btv->timeout timer
Details

In the Linux kernel, the following vulnerability has been resolved:

media: bttv: fix use after free error due to btv->timeout timer

There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove function. When it hit kfree btv, the function might still be invoked, which will cause use after free bug.

This bug is found by static analysis, it may be false positive.

Fix it by adding deltimersync invoking to the remove function.

cpu0 cpu1 bttvprobe ->timersetup ->bttvsetdma ->modtimer; bttvremove ->kfree(btv); ->bttvirqtimeout ->USE btv

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52847.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
162e6376ac58440beb6a2d2ee294f5d88ea58dd1
Fixed
bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9
Fixed
b35fdade92c5058a5e727e233fe263b828de2c9a
Fixed
2f3d9198cdae1cb079ec8652f4defacd481eab2b
Fixed
51c94256a83fe4e17406c66ff3e1ad7d242d8574
Fixed
20568d06f6069cb835e05eed432edf962645d226
Fixed
1871014d6ef4812ad11ef7d838d73ce09d632267
Fixed
847599fffa528b2cdec4e21b6bf7586dad982132
Fixed
bd5b50b329e850d467e7bcc07b2b6bde3752fbda

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52847.json"