Vulnerability Details CVE-2023-52459
In the Linux kernel, the following vulnerability has been resolved:
media: v4l: async: Fix duplicated list deletion
The list deletion call dropped here is already called from the
helper function in the line before. Having a second list_del()
call results in either a warning (with CONFIG_DEBUG_LIST=y):
list_del corruption, c46c8198->next is LIST_POISON1 (00000100)
If CONFIG_DEBUG_LIST is disabled the operation results in a
kernel error due to NULL pointer dereference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.8%
CVSS Severity
CVSS v3 Score 5.5
References
- https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2
- https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e
- https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91
- https://git.kernel.org/stable/c/3de6ee94aae701fa949cd3b5df6b6a440ddfb8f2
- https://git.kernel.org/stable/c/49d82811428469566667f22749610b8c132cdb3e
- https://git.kernel.org/stable/c/b7062628caeaec90e8f691ebab2d70f31b7b6b91
Products affected by CVE-2023-52459
-
cpe:2.3:o:linux:linux_kernel:6.6.1
-
cpe:2.3:o:linux:linux_kernel:6.6.10
-
cpe:2.3:o:linux:linux_kernel:6.6.11
-
cpe:2.3:o:linux:linux_kernel:6.6.12
-
cpe:2.3:o:linux:linux_kernel:6.6.13
-
cpe:2.3:o:linux:linux_kernel:6.6.2
-
cpe:2.3:o:linux:linux_kernel:6.6.3
-
cpe:2.3:o:linux:linux_kernel:6.6.4
-
cpe:2.3:o:linux:linux_kernel:6.6.5
-
cpe:2.3:o:linux:linux_kernel:6.6.6
-
cpe:2.3:o:linux:linux_kernel:6.6.7
-
cpe:2.3:o:linux:linux_kernel:6.6.8
-
cpe:2.3:o:linux:linux_kernel:6.6.9
-
cpe:2.3:o:linux:linux_kernel:6.7.1