CVE-2023-54103: Kernel vulnerability

5 documents, 4 sources
Severity: 5.3 MEDIUM (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

media: mtk-jpeg: Fix use after free bug due to uncanceled work

In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. Then mtk_jpeg_dec_device_run and mtk_jpeg_enc_device_run may be called to start the work.

If we remove the module which will call mtk_jpeg_remove to make cleanup, there may be an unfinished work. The possible sequence is as follows, which will cause a typical UAF bug.

Fix it by canc

Affected Packages (2 packages)

Linux  linux/linux_kernel  4.12.0  5.10.199  +4
Debian  linux/linux_kernel  < 5.10.205-1  +3

🔴 Vulnerability Details (3)

GHSA: GHSA-w3g9-f95x-pwmf: In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to uncanceled work In mtk_jpeg_probe (2025-12-24)
OSV: CVE-2023-54103: In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to uncanceled work In mtk_jpeg_probe, (2025-12-24)
OSV: media: mtk-jpeg: Fix use after free bug due to uncanceled work (2025-12-24)

📋 Vendor Advisories (1)

Red Hat: kernel: media: mtk-jpeg: Fix use after free bug due to uncanceled work (2025-12-24)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54103 Impact, Exploitability, and Mitigation Steps | Wiz