CVE-2023-52922

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 28, 2024
Updated: Dec 11, 2024
CWE ID 416

Summary

CVE-2023-52922: A use-after-free (UAF) vulnerability has been discovered in the Linux kernel's bcm driver, in the function bcm_proc_show(). The bug was triggered by the task 'cat' when it attempted to read memory that had already been freed by the same task in bcm_sendmsg(). This could potentially lead to a read of arbitrary data, posing a security risk. The susceptible code was executed on a QEMU Standard PC (i440FX + PIIX), and the issue was resolved by properly cleaning up the bcm_op structure before removing the procfs entry in bcm_release().
