CVE-2023-53515
EUVD-2025-32745
01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

virtio-mmio: don't break lifecycle of vm_dev

vm_dev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct.

Allocating the vm_dev struct with devres totally breaks this protection, though. Instead of waiting for the vm_dev release callback, the memory is freed when the platform_device is removed. Resulting in a use-after-free when finally the callback is to be called.

To easily see the problem, compile the kernel with CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.

The fix is easy, don't use devres in this case.

Found during my research about object lifetime problems.
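The ordering problem described above, as an added userspace C model (not kernel code, and not taken from the commit or this page): it tracks when the memory is freed relative to when the release callback runs, for devres-style and plain allocation. All names (`lifecycle`, `simulate_unbind`, `alloc_mode`) are hypothetical, and `extra_refs` stands in for any reference that outlives the unbind.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not a driver symbol. */
enum alloc_mode { ALLOC_DEVRES, ALLOC_PLAIN };

struct lifecycle {
    void *vm_dev; /* stands in for the struct embedding a 'struct device' */
    int refs;     /* reference count of that embedded device */
    int freed;    /* set once the memory has been given back */
    int uaf;      /* set if the release callback runs on freed memory */
};

/* Release callback: runs when the last reference is dropped. */
static void model_release(struct lifecycle *lc, enum alloc_mode mode)
{
    if (lc->freed) {           /* devres already freed the memory at unbind */
        lc->uaf = 1;           /* in the kernel: callback touches freed memory */
        return;
    }
    if (mode == ALLOC_PLAIN) { /* non-devres pattern: release owns the free */
        free(lc->vm_dev);
        lc->freed = 1;
    }
}

static void model_put(struct lifecycle *lc, enum alloc_mode mode)
{
    if (--lc->refs == 0)
        model_release(lc, mode);
}

/* Returns 1 if release ran after the memory was freed, else 0. */
int simulate_unbind(enum alloc_mode mode, int extra_refs)
{
    struct lifecycle lc = { malloc(64), 1 + extra_refs, 0, 0 };
    model_put(&lc, mode);        /* remove(): the driver's reference is dropped */
    if (mode == ALLOC_DEVRES) {  /* devres cleanup follows remove() */
        free(lc.vm_dev);
        lc.freed = 1;
    }
    while (lc.refs > 0)          /* late holders drop their references */
        model_put(&lc, mode);
    return lc.uaf;
}

int main(void)
{
    printf("devres uaf=%d, plain uaf=%d\n",
           simulate_unbind(ALLOC_DEVRES, 1), simulate_unbind(ALLOC_PLAIN, 1));
    return 0;
}
```

With no outstanding reference the two modes behave the same in this model; the difference appears only when the release callback is delayed past the unbind.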
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.15.1 ≤ 𝑥 < 4.19.293 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.255 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.192 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.128 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.47 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.4.12 |
| linux | linux_kernel | 4.15 |
| linux | linux_kernel | 4.15:rc3 |
| linux | linux_kernel | 4.15:rc4 |
| linux | linux_kernel | 4.15:rc5 |
| linux | linux_kernel | 4.15:rc6 |
| linux | linux_kernel | 4.15:rc7 |
| linux | linux_kernel | 4.15:rc8 |
| linux | linux_kernel | 4.15:rc9 |
| linux | linux_kernel | 6.5:rc1 |
| linux | linux_kernel | 6.5:rc2 |
| linux | linux_kernel | 6.5:rc3 |
| linux | linux_kernel | 6.5:rc4 |
| linux | linux_kernel | 6.5:rc5 |
| linux | linux_kernel | 6.5:rc6 |
𝑥 = Vulnerable software versions