CVE-2023-52475

Input: powermate - fix use-after-free in powermate_config_complete

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Input: powermate - fix use-after-free in powermate_config_complete

syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.

Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.

[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Entrada: powermate - corrige el use-after-free en powermate_config_complete syzbot ha encontrado un error de use-after-free [1] en el controlador powermate. Esto sucede cuando el dispositivo está desconectado, lo que genera una memoria libre de la estructura powermate_device. Cuando se completa un mensaje de control asincrónico después de que se invoca kfree y su devolución de llamada, el bloqueo ya no existe y de ahí el error. Utilice usb_kill_urb() en pm->config para cancelar cualquier solicitud en curso al desconectar el dispositivo. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

A use-after-free flaw was found in powermate_config_complete in drivers/input/misc/powermate.c in the Linux kernel. This issue may allow an attacker to crash the system at device disconnect, possibly leading to a kernel information leak problem.

*Credits: N/A

CVSS Scores

Red Hatv3.1 6.1

Attack Vector

Physical

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-29 CVE Published
2024-12-17 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (10)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9	2023-10-25
https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc	2023-10-25
https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd	2023-10-25
https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06	2023-10-25
https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f	2023-10-19
https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46	2023-10-19
https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8	2023-10-19
https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc	2023-10-14

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52475	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2266916	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.328 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.328"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.297 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.297"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.259 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.259"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.199 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.199"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.136 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.136"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.59 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.5.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.5.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6"		en		Affected