The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
History
25 Mar 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2023, 18:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 4.6 |
References | (MISC) https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/ - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://seclists.org/oss-sec/2023/q1/53 - Exploit, Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/02/02/1 - Exploit, Mailing List, Third Party Advisory | |
First Time | Linux; Linux linux Kernel |
02 Feb 2023, 13:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-02 00:15
Updated : 2024-03-25 01:15
NVD link : CVE-2023-25012
Mitre link : CVE-2023-25012
CVE.ORG link : CVE-2023-25012
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free