{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2023-52439","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-20T12:30:33.291Z","datePublished":"2024-02-20T18:34:49.323Z","dateUpdated":"2025-05-04T12:49:00.841Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:49:00.841Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nuio: Fix use-after-free in uio_open\n\ncore-1\t\t\t\tcore-2\n-------------------------------------------------------\nuio_unregister_device\t\tuio_open\n\t\t\t\tidev = idr_find()\ndevice_unregister(&idev->dev)\nput_device(&idev->dev)\nuio_device_release\n\t\t\t\tget_device(&idev->dev)\nkfree(idev)\nuio_free_minor(minor)\n\t\t\t\tuio_release\n\t\t\t\tput_device(&idev->dev)\n\t\t\t\tkfree(idev)\n-------------------------------------------------------\n\nIn the core-1 uio_unregister_device(), the device_unregister will kfree\nidev when the idev->dev kobject ref is 1. But after core-1\ndevice_unregister, put_device and before doing kfree, the core-2 may\nget_device. Then:\n1. After core-1 kfree idev, the core-2 will do use-after-free for idev.\n2. When core-2 do uio_release and put_device, the idev will be double\n   freed.\n\nTo address this issue, we can get idev atomic & inc idev reference with\nminor_lock."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/uio/uio.c"],"versions":[{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"3174e0f7de1ba392dc191625da83df02d695b60c","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"e93da893d52d82d57fc0db2ca566024e0f26ff50","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"5e0be1229ae199ebb90b33102f74a0f22d152570","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"5cf604ee538ed0c467abe3b4cda5308a6398f0f7","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"17a8519cb359c3b483fb5c7367efa9a8a508bdea","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"35f102607054faafe78d2a6994b18d5d9d6e92ad","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"913205930da6213305616ac539447702eaa85e41","status":"affected","versionType":"git"},{"version":"57c5f4df0a5a0ee83df799991251e2ee93a5e4e9","lessThan":"0c9ae0b8605078eafc3bea053cc78791e97ba2e2","status":"affected","versionType":"git"},{"version":"13af019c87f2d90e663742cb1a819834048842ae","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/uio/uio.c"],"versions":[{"version":"4.18","status":"affected"},{"version":"0","lessThan":"4.18","status":"unaffected","versionType":"semver"},{"version":"4.19.306","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.268","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.209","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.148","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.74","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.13","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.1","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"4.19.306"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.4.268"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.10.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.15.148"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.1.74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.6.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.100"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c"},{"url":"https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50"},{"url":"https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570"},{"url":"https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7"},{"url":"https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea"},{"url":"https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad"},{"url":"https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41"},{"url":"https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2"}],"title":"uio: Fix use-after-free in uio_open","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/3174e0f7de1ba392dc191625da83df02d695b60c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e93da893d52d82d57fc0db2ca566024e0f26ff50","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5e0be1229ae199ebb90b33102f74a0f22d152570","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5cf604ee538ed0c467abe3b4cda5308a6398f0f7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/35f102607054faafe78d2a6994b18d5d9d6e92ad","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/913205930da6213305616ac539447702eaa85e41","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0c9ae0b8605078eafc3bea053cc78791e97ba2e2","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20241227-0006/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-12-27T16:03:00.894Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-52439","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:02:55.773038Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:35.621Z"}}]},"dataVersion":"5.1"}