Use After Free Affecting kernel-modules package, versions <0:4.18.0-553.22.1.el8_10
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELMODULES-7044387
- published 23 May 2024
- disclosed 21 May 2024
Introduced: 21 May 2024
CVE-2023-52840 Open this link in a new tabHow to fix?
Upgrade RHEL:8
kernel-modules
to version 0:4.18.0-553.22.1.el8_10 or higher.
This issue was patched in RHSA-2024:7000
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-modules
package and not the kernel-modules
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. Move the put_device() to the end to fix this.
References
- https://access.redhat.com/security/cve/CVE-2023-52840
- https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f
- https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2
- https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff
- https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5
- https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f
- https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585
- https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683
- https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1