CVE-2023-54083

When we try to destroy the port dev, it will destroy its dev driver as well. But we did not remove the reference from usb-phy dev. This might cause the use-after-free issue in KASAN.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54083.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e8f7d2f409a15c519d5a6085777d85c1c4bab73a

Fixed

b6a107c52073496d2e5d2837915f59fb3103832f

Fixed

b84998a407a882991916b1a61d987c400d8a0ce6

Fixed

238edc04ddb9d272b38f5419bcd419ad3b92b91b

Fixed

82187460347ad58fd6b06d2883da73c3f2df9631

Fixed

c0c2fcb1325d0d4f3b322b5ee49385f8eca2560d

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54083.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.7.0

Fixed

5.10.188

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.121

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.39

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54083.json"