CVE-2023-52475: Input: powermate - fix use-after-free in powermate_config_complete

First published: Thu Feb 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm-&gt;config to cancel any in-progress requests upon device disconnection. [1] <a href="https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e">https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e</a> <a href="https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46">https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46</a> <a href="https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd">https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd</a> <a href="https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc">https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc</a> <a href="https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc">https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc</a> <a href="https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f">https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f</a> <a href="https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9">https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9</a> <a href="https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06">https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06</a> <a href="https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8">https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8</a>

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/type
• agent/first-publish-date
• agent/author
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2023-52475
• agent/references
• agent/description
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/severity
• agent/remedy
• agent/last-modified-date
• agent/tags
• agent/softwarecombine
• agent/event
• vendor/linux
• canonical/linux linux kernel
• version/linux linux kernel/4.15
• version/linux linux kernel/4.20
• version/linux linux kernel/5.5
• version/linux linux kernel/5.11
• version/linux linux kernel/5.16
• version/linux linux kernel/6.2
• version/linux linux kernel/6.6-rc1
• version/linux linux kernel/6.6-rc2
• version/linux linux kernel/6.6-rc3
• version/linux linux kernel/6.6-rc4
• version/linux linux kernel/6.6-rc5