DEBIAN-CVE-2023-53638

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53638

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53638.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53638

Upstream

CVE-2023-53638

Published

2025-10-07T16:15:47.017Z

Modified

2025-11-14T03:18:33.317110Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: octeonep: cancel queued works in probe error path If it fails to get the devices's MAC address, octepprobe exits while leaving the delayed work intrpolltask queued. When the work later runs, it's a use after free. Move the cancelation of intrpolltask from octepremove into octepdevicecleanup. This does not change anything in the octepremove flow, but octepdevicecleanup is called also in the octepprobe error path, where the cancelation is needed. Note that the cancelation of ctrlmboxtask has to follow intrpolltask's, because the ctrlmboxtask may be queued by intrpoll_task.

References

https://security-tracker.debian.org/tracker/CVE-2023-53638

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}