Wind River Support Network

HomeDefectsLIN1022-6621
Fixed

LIN1022-6621 : Security Advisory - linux - CVE-2023-52457

Created: Feb 25, 2024    Updated: Mar 7, 2024
Resolved Date: Mar 7, 2024
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

Returning an error code from .remove() makes the driver core emit the
little helpful error message:

	remove callback returned a non-zero value. This will be ignored.

and then remove the device anyhow. So all resources that were not freed
are leaked in this case. Skipping serial8250_unregister_port() has the
potential to keep enough of the UART around to trigger a use-after-free.

So replace the error return (and with it the little helpful error
message) by a more useful error message and continue to cleanup.

CREATE(Triage):(User=admin) CVE-2023-52457 (https://nvd.nist.gov/vuln/detail/CVE-2023-52457)

CVEs


Live chat
Online