Not to be fixed
Created: Feb 22, 2024
Updated: Feb 26, 2024
Resolved Date: Feb 26, 2024
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on the context object. However, that might happen before the usb hub_event handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.
CREATE(Triage):(User=admin) CVE-2023-52445 (https://nvd.nist.gov/vuln/detail/CVE-2023-52445)
