CVE-2023-53235Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code frees it. Fix this by simply make the driver device-managed as well. In short, the sequence leading to the UAF is as follows: INIT: Code allocates a struct device as a kunit-managed resourc

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.36.5.5+1
Debianlinux/linux_kernel< 6.5.6-1+1
CVEListV5linux/linuxd98780310719bf4076d975c2ff65c44c7c0d929ec9d8be0e533738b744abb669263c4750d4830009+2
debiandebian/linux< linux 6.5.6-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-f58p-2pv4-p2jw: In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_d2025-09-15
OSV
CVE-2023-53235: In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver uaf when using __drm_kunit_helper_alloc_drm_dev2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: drm/tests: helpers: Avoid a driver uaf2025-09-15
Debian
CVE-2023-53235: linux - In the Linux kernel, the following vulnerability has been resolved: drm/tests: ...2023
CVE-2023-53235 — Use After Free in Linux | cvebase