high
7.8
CWE
416 415
Advisory Published
CVE Published
Updated

CVE-2023-52439: uio: Fix use-after-free in uio_open

First published: Tue Feb 20 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&amp;idev-&gt;dev) put_device(&amp;idev-&gt;dev) uio_device_release get_device(&amp;idev-&gt;dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&amp;idev-&gt;dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev-&gt;dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic &amp; inc idev reference with minor_lock. <a href="https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2">https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2</a> <a href="https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea">https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea</a> <a href="https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c">https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c</a> <a href="https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad">https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad</a> <a href="https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7">https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7</a> <a href="https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570">https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570</a> <a href="https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41">https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41</a> <a href="https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50">https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50</a>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Linux kernel>4.18.0<4.19.306
Linux Linux kernel>=4.20.0<5.4.268
Linux Linux kernel>=5.5.0<5.10.209
Linux Linux kernel>=5.11.0<5.15.148
Linux Linux kernel>=5.16.0<6.1.74
Linux Linux kernel>=6.2.0<6.6.13
Linux Linux kernel>=6.7.0<6.7.1
Linux Linux kernel=4.18
Linux Linux kernel=4.18-rc5
Linux Linux kernel=4.18-rc6
Linux Linux kernel=4.18-rc7
Linux Linux kernel=4.18-rc8
ubuntu/linux<4.15.0-225.237
4.15.0-225.237
ubuntu/linux<5.4.0-176.196
5.4.0-176.196
ubuntu/linux<5.15.0-102.112
5.15.0-102.112
ubuntu/linux<6.8~
6.8~
ubuntu/linux-aws<4.15.0-1168.181
4.15.0-1168.181
ubuntu/linux-aws<5.4.0-1122.132
5.4.0-1122.132
ubuntu/linux-aws<5.15.0-1057.63
5.15.0-1057.63
ubuntu/linux-aws<6.8~
6.8~
ubuntu/linux-aws-5.15<5.15.0-1057.63~20.04.1
5.15.0-1057.63~20.04.1
ubuntu/linux-aws-5.15<6.8~
6.8~
ubuntu/linux-aws-5.4<6.8~
6.8~
ubuntu/linux-aws-6.5<6.8~
6.8~
ubuntu/linux-aws-fips<6.8~
6.8~
ubuntu/linux-aws-hwe<6.8~
6.8~
ubuntu/linux-aws-hwe<4.15.0-1168.181~16.04.1
4.15.0-1168.181~16.04.1
ubuntu/linux-azure<5.4.0-1127.134
5.4.0-1127.134
ubuntu/linux-azure<5.15.0-1060.69
5.15.0-1060.69
ubuntu/linux-azure<4.15.0-1177.192~14.04.1
4.15.0-1177.192~14.04.1
ubuntu/linux-azure<6.8~
6.8~
ubuntu/linux-azure<4.15.0-1177.192~16.04.1
4.15.0-1177.192~16.04.1
ubuntu/linux-azure-4.15<4.15.0-1177.192
4.15.0-1177.192
ubuntu/linux-azure-4.15<6.8~
6.8~
ubuntu/linux-azure-5.15<5.15.0-1060.69~20.04.1
5.15.0-1060.69~20.04.1
ubuntu/linux-azure-5.15<6.8~
6.8~
ubuntu/linux-azure-5.4<6.8~
6.8~
ubuntu/linux-azure-6.5<6.8~
6.8~
ubuntu/linux-azure-fde<5.15.0-1060.69.1
5.15.0-1060.69.1
ubuntu/linux-azure-fde<6.8~
6.8~
ubuntu/linux-azure-fde-5.15<5.15.0-1060.69~20.04.1.1
5.15.0-1060.69~20.04.1.1
ubuntu/linux-azure-fde-5.15<6.8~
6.8~
ubuntu/linux-azure-fips<6.8~
6.8~
ubuntu/linux-bluefield<5.4.0-1082.89
5.4.0-1082.89
ubuntu/linux-bluefield<6.8~
6.8~
ubuntu/linux-fips<6.8~
6.8~
ubuntu/linux-gcp<5.4.0-1126.135
5.4.0-1126.135
ubuntu/linux-gcp<5.15.0-1055.63
5.15.0-1055.63
ubuntu/linux-gcp<6.8~
6.8~
ubuntu/linux-gcp<4.15.0-1162.179~16.04.1
4.15.0-1162.179~16.04.1
ubuntu/linux-gcp-4.15<4.15.0-1162.179
4.15.0-1162.179
ubuntu/linux-gcp-4.15<6.8~
6.8~
ubuntu/linux-gcp-5.15<5.15.0-1055.63~20.04.1
5.15.0-1055.63~20.04.1
ubuntu/linux-gcp-5.15<6.8~
6.8~
ubuntu/linux-gcp-5.4<6.8~
6.8~
ubuntu/linux-gcp-6.5<6.8~
6.8~
ubuntu/linux-gcp-fips<6.8~
6.8~
ubuntu/linux-gke<5.15.0-1054.59
5.15.0-1054.59
ubuntu/linux-gke<6.8~
6.8~
ubuntu/linux-gkeop<5.4.0-1089.93
5.4.0-1089.93
ubuntu/linux-gkeop<5.15.0-1040.46
5.15.0-1040.46
ubuntu/linux-gkeop<6.8~
6.8~
ubuntu/linux-gkeop-5.15<5.15.0-1040.46~20.04.1
5.15.0-1040.46~20.04.1
ubuntu/linux-gkeop-5.15<6.8~
6.8~
ubuntu/linux-hwe<6.8~
6.8~
ubuntu/linux-hwe<4.15.0-225.237~16.04.1
4.15.0-225.237~16.04.1
ubuntu/linux-hwe-5.15<5.15.0-102.112~20.04.1
5.15.0-102.112~20.04.1
ubuntu/linux-hwe-5.15<6.8~
6.8~
ubuntu/linux-hwe-5.4<6.8~
6.8~
ubuntu/linux-hwe-6.5<6.8~
6.8~
ubuntu/linux-ibm<5.4.0-1069.74
5.4.0-1069.74
ubuntu/linux-ibm<5.15.0-1050.53
5.15.0-1050.53
ubuntu/linux-ibm<6.8~
6.8~
ubuntu/linux-ibm-5.15<5.15.0-1050.53~20.04.1
5.15.0-1050.53~20.04.1
ubuntu/linux-ibm-5.15<6.8~
6.8~
ubuntu/linux-ibm-5.4<6.8~
6.8~
ubuntu/linux-intel<6.8~
6.8~
ubuntu/linux-intel-iot-realtime<6.8~
6.8~
ubuntu/linux-intel-iotg<5.15.0-1052.58
5.15.0-1052.58
ubuntu/linux-intel-iotg<6.8~
6.8~
ubuntu/linux-intel-iotg-5.15<5.15.0-1052.58~20.04.1
5.15.0-1052.58~20.04.1
ubuntu/linux-intel-iotg-5.15<6.8~
6.8~
ubuntu/linux-iot<5.4.0-1034.35
5.4.0-1034.35
ubuntu/linux-iot<6.8~
6.8~
ubuntu/linux-kvm<4.15.0-1152.157
4.15.0-1152.157
ubuntu/linux-kvm<5.4.0-1110.117
5.4.0-1110.117
ubuntu/linux-kvm<5.15.0-1054.59
5.15.0-1054.59
ubuntu/linux-kvm<6.8~
6.8~
ubuntu/linux-laptop<6.8~
6.8~
ubuntu/linux-lowlatency<5.15.0-102.112
5.15.0-102.112
ubuntu/linux-lowlatency<6.8~
6.8~
ubuntu/linux-lowlatency-hwe-5.15<5.15.0-102.112~20.04.1
5.15.0-102.112~20.04.1
ubuntu/linux-lowlatency-hwe-5.15<6.8~
6.8~
ubuntu/linux-lowlatency-hwe-6.5<6.8~
6.8~
ubuntu/linux-lowlatency-hwe-6.8<6.8~
6.8~
ubuntu/linux-lts-xenial<6.8~
6.8~
ubuntu/linux-nvidia<5.15.0-1048.48
5.15.0-1048.48
ubuntu/linux-nvidia<6.8~
6.8~
ubuntu/linux-nvidia-6.5<6.5.0-1014.14
6.5.0-1014.14
ubuntu/linux-nvidia-6.5<6.8~
6.8~
ubuntu/linux-nvidia-6.8<6.8~
6.8~
ubuntu/linux-nvidia-lowlatency<6.8~
6.8~
ubuntu/linux-oem-6.1<6.1.0-1035.35
6.1.0-1035.35
ubuntu/linux-oem-6.5<6.8~
6.8~
ubuntu/linux-oem-6.8<6.8~
6.8~
ubuntu/linux-oracle<4.15.0-1131.142
4.15.0-1131.142
ubuntu/linux-oracle<5.4.0-1121.130
5.4.0-1121.130
ubuntu/linux-oracle<5.15.0-1055.61
5.15.0-1055.61
ubuntu/linux-oracle<6.8~
6.8~
ubuntu/linux-oracle<4.15.0-1131.142~16.04.1
4.15.0-1131.142~16.04.1
ubuntu/linux-oracle-5.15<5.15.0-1055.61~20.04.1
5.15.0-1055.61~20.04.1
ubuntu/linux-oracle-5.15<6.8~
6.8~
ubuntu/linux-oracle-5.4<6.8~
6.8~
ubuntu/linux-oracle-6.5<6.8~
6.8~
ubuntu/linux-raspi<5.4.0-1106.118
5.4.0-1106.118
ubuntu/linux-raspi<5.15.0-1050.53
5.15.0-1050.53
ubuntu/linux-raspi<6.8~
6.8~
ubuntu/linux-raspi-5.4<6.8~
6.8~
ubuntu/linux-raspi-realtime<6.8~
6.8~
ubuntu/linux-realtime<6.8~
6.8~
ubuntu/linux-riscv<6.8~
6.8~
ubuntu/linux-riscv-5.15<5.15.0-1053.57~20.04.1
5.15.0-1053.57~20.04.1
ubuntu/linux-riscv-5.15<6.8~
6.8~
ubuntu/linux-riscv-6.5<6.8~
6.8~
ubuntu/linux-riscv-6.8<6.8~
6.8~
ubuntu/linux-starfive<6.8~
6.8~
ubuntu/linux-starfive-6.5<6.8~
6.8~
ubuntu/linux-xilinx-zynqmp<5.4.0-1041.45
5.4.0-1041.45
ubuntu/linux-xilinx-zynqmp<5.15.0-1030.34
5.15.0-1030.34
ubuntu/linux-xilinx-zynqmp<6.8~
6.8~
debian/linux
5.10.223-1
6.1.106-3
6.1.99-1
6.10.6-1
6.10.7-1

Remedy

https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2

Remedy

https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea

Remedy

https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c

Remedy

https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad

Remedy

https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7

Remedy

https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570

Remedy

https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41

Remedy

https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50

Remedy

https://git.kernel.org/linus/57c5f4df0a5a0ee83df799991251e2ee93a5e4e9

Remedy

https://git.kernel.org/linus/0c9ae0b8605078eafc3bea053cc78791e97ba2e2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203