Wind River Support Network

HomeDefectsLIN1021-7334
Fixed

LIN1021-7334 : Security Advisory - linux - CVE-2023-52457

Created: Feb 25, 2024    Updated: Nov 19, 2024
Resolved Date: Nov 19, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

	remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.

CREATE(Triage):(User=admin) CVE-2023-52457 (https://nvd.nist.gov/vuln/detail/CVE-2023-52457)

CVEs


Live chat
Online