CVE-2023-52445

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 22, 2024

Updated: Jun 27, 2024

CWE ID 416

Summary

CVE-2023-52445 is a vulnerability affecting the Linux kernel's media driver, specifically the pvrusb2 module. The issue involves a use-after-free condition where a kthread is created during module load, and the context object is freed before the usb hub_event handler can notify the driver. This leads to an invalid read reported by syzbot within the context disconnection call stack. The vulnerability has been addressed by adding a sanity check to prevent the invalid read.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ulkCSr
https://www.cve.org/CVERecord?id=CVE-2023-52445
https://nvd.nist.gov/vuln/detail/CVE-2023-52445

Back to Vulnerability Database

CVE-2023-52445

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations