Description: A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages: 2 packages
Also affects: Fedora 38
Vulnerability Details (7, first 5 listed):
- GHSA: GHSA-hpvm-q8v2-j94r: A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel (2024-11-14)
- OSV: CVE-2023-4134: A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel (2024-11-14)
- CVEList: Kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work() (2024-11-14)
- OSV: linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities (2024-03-27)
- OSV: linux-kvm vulnerabilities (2024-03-20)
Vendor Advisories (10, first 5 listed):
- Ubuntu: Linux kernel (Intel IoTG) vulnerabilities (2024-03-27)
- Ubuntu: Linux kernel (AWS) vulnerabilities (2024-03-20)
- Ubuntu: Linux kernel (KVM) vulnerabilities (2024-03-20)
- Ubuntu: Linux kernel (Oracle) vulnerabilities (2024-03-19)
- Ubuntu: Linux kernel vulnerabilities (2024-03-13)