// For flags

CVE-2023-52475

Input: powermate - fix use-after-free in powermate_config_complete

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.

Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Entrada: powermate - corrige el use-after-free en powermate_config_complete syzbot ha encontrado un error de use-after-free [1] en el controlador powermate. Esto sucede cuando el dispositivo está desconectado, lo que genera una memoria libre de la estructura powermate_device. Cuando se completa un mensaje de control asincrónico después de que se invoca kfree y su devolución de llamada, el bloqueo ya no existe y de ahí el error. Utilice usb_kill_urb() en pm->config para cancelar cualquier solicitud en curso al desconectar el dispositivo. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-20 CVE Reserved
  • 2024-02-29 CVE Published
  • 2024-02-29 EPSS Updated
  • 2024-09-11 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 4.14.328
Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.328"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 4.19.297
Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.297"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.4.259
Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.259"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.10.199
Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.199"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.15.136
Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.136"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 6.1.59
Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.59"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 6.5.8
Search vendor "Linux" for product "Linux Kernel" and version " < 6.5.8"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 6.6
Search vendor "Linux" for product "Linux Kernel" and version " < 6.6"
en
Affected