{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-52847","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T15:19:24.255Z","datePublished":"2024-05-21T15:31:44.513Z","dateUpdated":"2025-05-04T07:44:14.058Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:44:14.058Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bttv: fix use after free error due to btv->timeout timer\n\nThere may be some a race condition between timer function\nbttv_irq_timeout and bttv_remove. The timer is setup in\nprobe and there is no timer_delete operation in remove\nfunction. When it hit kfree btv, the function might still be\ninvoked, which will cause use after free bug.\n\nThis bug is found by static analysis, it may be false positive.\n\nFix it by adding del_timer_sync invoking to the remove function.\n\ncpu0                cpu1\n                  bttv_probe\n                    ->timer_setup\n                      ->bttv_set_dma\n                        ->mod_timer;\nbttv_remove\n  ->kfree(btv);\n                  ->bttv_irq_timeout\n                    ->USE btv"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/pci/bt8xx/bttv-driver.c"],"versions":[{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"b35fdade92c5058a5e727e233fe263b828de2c9a","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"2f3d9198cdae1cb079ec8652f4defacd481eab2b","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"51c94256a83fe4e17406c66ff3e1ad7d242d8574","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"20568d06f6069cb835e05eed432edf962645d226","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"1871014d6ef4812ad11ef7d838d73ce09d632267","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"847599fffa528b2cdec4e21b6bf7586dad982132","status":"affected","versionType":"git"},{"version":"162e6376ac58440beb6a2d2ee294f5d88ea58dd1","lessThan":"bd5b50b329e850d467e7bcc07b2b6bde3752fbda","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/pci/bt8xx/bttv-driver.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.19.299","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.261","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.201","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.139","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.63","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.5.12","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6.2","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.299"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.261"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.201"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.139"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.5.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9"},{"url":"https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a"},{"url":"https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b"},{"url":"https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574"},{"url":"https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226"},{"url":"https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267"},{"url":"https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132"},{"url":"https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda"}],"title":"media: bttv: fix use after free error due to btv->timeout timer","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-10T19:17:00.085705Z","id":"CVE-2023-52847","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-18T19:41:06.842Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:11:36.080Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda","tags":["x_transferred"]}]}]}}