CVE-2023-52847

In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_delete operation in remove function. When it hit kfree btv, the function might still be invoked, which will cause use after free bug. This bug is found by static analysis, it may be false positive. Fix it by adding del_timer_sync invoking to the remove function. cpu0 cpu1 bttv_probe ->timer_setup ->bttv_set_dma ->mod_timer; bttv_remove ->kfree(btv); ->bttv_irq_timeout ->USE btv

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267	Mailing List Patch
https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226	Mailing List Patch
https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b	Mailing List Patch
https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574	Mailing List Patch
https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132	Mailing List Patch
https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a	Mailing List Patch
https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9	Mailing List Patch
https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda	Mailing List Patch
https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267	Mailing List Patch
https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226	Mailing List Patch
https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b	Mailing List Patch
https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574	Mailing List Patch
https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132	Mailing List Patch
https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a	Mailing List Patch
https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9	Mailing List Patch
https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

17 Jun 2026, 06:43

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-416 CWE-362
References	~~() https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267 -~~	() https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226 -~~	() https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b -~~	() https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574 -~~	() https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132 -~~	() https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a -~~	() https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9 -~~	() https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9 - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda -~~	() https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda - Mailing List, Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.0
CPE		cpe:2.3:o:linux:linux_kernel::::::::

21 Nov 2024, 08:40

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267 -~~	() https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267 -
References	~~() https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226 -~~	() https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226 -
References	~~() https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b -~~	() https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b -
References	~~() https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574 -~~	() https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574 -
References	~~() https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132 -~~	() https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132 -
References	~~() https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a -~~	() https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a -
References	~~() https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9 -~~	() https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9 -
References	~~() https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda -~~	() https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda -
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medio: bttv: corrección de uso después de error gratuito debido a btv->timeout timer. Puede haber alguna condición de ejecución entre la función del temporizador bttv_irq_timeout y bttv_remove. El temporizador está configurado en la sonda y no hay ninguna operación timer_delete en la función de eliminación. Cuando llega a kfree btv, es posible que la función aún se invoque, lo que provocará un error de use after free. Este error se encuentra mediante análisis estático y puede ser un falso positivo. Solucionelo agregando del_timer_sync invocando a la función de eliminación. cpu0 cpu1 bttv_probe ->timer_setup ->bttv_set_dma ->mod_timer; bttv_remove ->kfree(btv); ->bttv_irq_timeout ->USE btv

21 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 16:15

Updated : 2026-06-17 06:43

NVD link : CVE-2023-52847

Mitre link : CVE-2023-52847

CVE.ORG link : CVE-2023-52847

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free

7.0 /10