admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-526xx/CVE-2023-52629.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

72 lines
3.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-52629",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-29T10:15:09.327",
"lastModified": "2024-11-21T08:40:14.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: push-switch: Reorder cleanup operations to avoid use-after-free bug\n\nThe original code puts flush_work() before timer_shutdown_sync()\nin switch_drv_remove(). Although we use flush_work() to stop\nthe worker, it could be rescheduled in switch_timer(). As a result,\na use-after-free bug can occur. The details are shown below:\n\n (cpu 0) | (cpu 1)\nswitch_drv_remove() |\n flush_work() |\n ... | switch_timer // timer\n | schedule_work(&psw->work)\n timer_shutdown_sync() |\n ... | switch_work_handler // worker\n kfree(psw) // free |\n | psw->state = 0 // use\n\nThis patch puts timer_shutdown_sync() before flush_work() to\nmitigate the bugs. As a result, the worker and timer will be\nstopped safely before the deallocate operations."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sh: push-switch: reordenar las operaciones de limpieza para evitar el error de use after free. El c\u00f3digo original coloca Flush_work() antes de timer_shutdown_sync() en switch_drv_remove(). Aunque usamos Flush_work() para detener al trabajador, podr\u00eda reprogramarse en switch_timer(). Como resultado, puede ocurrir un error de use after free. Los detalles se muestran a continuaci\u00f3n: (cpu 0) | (procesador 1) switch_drv_remove() | descarga_trabajo() | ... | switch_timer // temporizador | Schedule_work(&psw->trabajo) timer_shutdown_sync() | ... | switch_work_handler // trabajador kfree(psw) // gratis | | psw->state = 0 // uso Este parche coloca timer_shutdown_sync() antes de Flush_work() para mitigar los errores. Como resultado, el trabajador y el temporizador se detendr\u00e1n de forma segura antes de las operaciones de desasignaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink