CVE-2023-53747Use After Free in Linux

CWE-416Use After Free6 documents5 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After a call to console_unlock() in vcs_write() the vc_data struct can be freed by vc_port_destruct(). Because of that, the struct vc_data pointer must be reloaded in the while loop in vcs_write() after console_lock() to avoid a UAF when vcs_size() is called. Syzkaller reported a UAF in vcs_size(). BUG: KASAN: slab-use-after-free in vcs_size (driver

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.384.14.327+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxac751efa6a0d70f2c9daef5c7e3a92270f5c2dff934de9a9b659785fed3e820bc0c813a460c71fea+8
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-286m-g766-wcgx: In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF Aft2025-12-08
OSV
CVE-2023-53747: In the Linux kernel, the following vulnerability has been resolved: vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF After2025-12-08
OSV
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF2025-12-08

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service via use-after-free in vc_screen2025-12-08
Debian
CVE-2023-53747: linux - In the Linux kernel, the following vulnerability has been resolved: vc_screen: ...2023