cve/2023/CVE-2023-52439.md

### [CVE-2023-52439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=57c5f4df0a5a%3C%203174e0f7de1b%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:uio: Fix use-after-free in uio_opencore-1				core-2-------------------------------------------------------uio_unregister_device		uio_open				idev = idr_find()device_unregister(&idev->dev)put_device(&idev->dev)uio_device_release				get_device(&idev->dev)kfree(idev)uio_free_minor(minor)				uio_release				put_device(&idev->dev)				kfree(idev)-------------------------------------------------------In the core-1 uio_unregister_device(), the device_unregister will kfreeidev when the idev->dev kobject ref is 1. But after core-1device_unregister, put_device and before doing kfree, the core-2 mayget_device. Then:1. After core-1 kfree idev, the core-2 will do use-after-free for idev.2. When core-2 do uio_release and put_device, the idev will be double   freed.To address this issue, we can get idev atomic & inc idev reference withminor_lock.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds