CVE-2023-52847

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52847

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52847.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-52847

Downstream

BELL-CVE-2023-52847

DEBIAN-CVE-2023-52847

OESA-2024-1677

OESA-2024-1678

OESA-2024-1680

OESA-2024-1682

RHSA-2024:5101

RHSA-2024:5102

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2023-52847

Related

Published

2024-05-21T16:15:21Z

Modified

2025-08-09T20:01:28Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

media: bttv: fix use after free error due to btv->timeout timer

There may be some a race condition between timer function bttvirqtimeout and bttvremove. The timer is setup in probe and there is no timerdelete operation in remove function. When it hit kfree btv, the function might still be invoked, which will cause use after free bug.

This bug is found by static analysis, it may be false positive.

Fix it by adding deltimersync invoking to the remove function.

cpu0 cpu1 bttvprobe ->timersetup ->bttvsetdma ->modtimer; bttvremove ->kfree(btv); ->bttvirqtimeout ->USE btv

References

Affected packages