CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame()
First published: Tue May 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. So it's straight forward to fix bug by using the returned value.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.9<5.10.201 | |
| Linux Linux kernel | >=5.11<5.15.139 | |
| Linux Linux kernel | >=5.16<6.1.63 | |
| Linux Linux kernel | >=6.2<6.5.12 | |
| Linux Linux kernel | >=6.6<6.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/ddf4e04e946aaa6c458b8b6829617cc44af2bffd
- https://git.kernel.org/stable/c/a1a485e45d24b1cd8fe834fd6f1b06e2903827da
- https://git.kernel.org/stable/c/6086258bd5ea7b5c706ff62da42b8e271b2401db
- https://git.kernel.org/stable/c/1787b9f0729d318d67cf7c5a95f0c3dba9a7cc18
- https://git.kernel.org/stable/c/d103fb6726904e353b4773188ee3d3acb4078363
- https://git.kernel.org/stable/c/876f8ab52363f649bcc74072157dfd7adfbabc0d
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.9
- version/linux linux kernel/5.11
- version/linux linux kernel/5.16
- version/linux linux kernel/6.2
- version/linux linux kernel/6.6