CVE-2023-52840

May 21, 2024, 4:53 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. Move the put_device() to the end to fix this.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f
https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2
https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff
https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5
https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f
https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585
https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683
https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-21
CVE-2023-52840

Timeline

Published: May 21, 2024, 4:15 p.m.
Last Modified: May 21, 2024, 4:53 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.