CVE-2023-53003

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53003
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53003.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53003
Published
2025-03-27T17:15:49Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info

The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug.

Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.
