CVE-2023-54270Expired Pointer Dereference in Linux

CWE-825Expired Pointer Dereference7 documents6 sources
Severity
4.3MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware na

Affected Packages4 packages

Linuxlinux/linux_kernel4.6.04.14.308+6
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxdd47fbd40e6ea6884e295e13a2e50b0894258fdfc379272ea9c2ee36f0a1327b0fb8889c975093f7+8
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
media: usb: siano: Fix use after free bugs caused by do_submit_urb2025-12-30
OSV
CVE-2023-54270: In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF b2025-12-30
GHSA
GHSA-6jgm-8895-m249: In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb2025-12-30
Debian
CVE-2023-54270: linux - In the Linux kernel, the following vulnerability has been resolved: media: usb:...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54270 Impact, Exploitability, and Mitigation Steps | Wiz