Home

Description

In the Linux kernel, the following vulnerability has been resolved: media: netup_unidvb: fix use-after-free at del_timer() When Universal DVB card is detaching, netup_unidvb_dma_fini() uses del_timer() to stop dma->timeout timer. But when timer handler netup_unidvb_dma_timeout() is running, del_timer() could not stop it. As a result, the use-after-free bug could happen. The process is shown below: (cleanup routine) | (timer routine) | mod_timer(&dev->tx_sim_timer, ..) netup_unidvb_finidev() | (wait a time) netup_unidvb_dma_fini() | netup_unidvb_dma_timeout() del_timer(&dma->timeout); | | ndev->pci_dev->dev //USE Fix by changing del_timer() to del_timer_sync().

PUBLISHED Reserved 2025-09-15 | Published 2025-09-15 | Updated 2025-09-15 | Assigner Linux

Product status

Default status
unaffected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before dd5c77814f290b353917df329f36de1472d47154
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before 90229e9ee957d4514425e4a4d82c50ab5d57ac4d
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before 1550bcf2983ae1220cc8ab899a39a423fa7cb523
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before f9982db735a8495eee14267cf193c806b957e942
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before 051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before 07821524f67bf920342bc84ae8b3dea2a315a89e
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc
affected

52b1eaf4c59a3bbd07afbb4ab4f43418a807d02e (git) before 0f5bb36bf9b39a2a96e730bf4455095b50713f63
affected

Default status
affected

4.3
affected

Any version before 4.3
unaffected

4.14.316 (semver)
unaffected

4.19.284 (semver)
unaffected

5.4.244 (semver)
unaffected

5.10.181 (semver)
unaffected

5.15.113 (semver)
unaffected

6.1.30 (semver)
unaffected

6.3.4 (semver)
unaffected

6.4 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/dd5c77814f290b353917df329f36de1472d47154

git.kernel.org/...c/90229e9ee957d4514425e4a4d82c50ab5d57ac4d

git.kernel.org/...c/1550bcf2983ae1220cc8ab899a39a423fa7cb523

git.kernel.org/...c/f9982db735a8495eee14267cf193c806b957e942

git.kernel.org/...c/051af3f0b7d1cd8ab7f3e2523ad8ae1af44caba3

git.kernel.org/...c/07821524f67bf920342bc84ae8b3dea2a315a89e

git.kernel.org/...c/c8f9c05e1ebcc9c7bc211cc8b74d8fb86a8756fc

git.kernel.org/...c/0f5bb36bf9b39a2a96e730bf4455095b50713f63

cve.org (CVE-2023-53219)

nvd.nist.gov (CVE-2023-53219)

Download JSON