Description

In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.

INFO

Published Date :

2025-03-27T16:43:35.155Z

Last Modified :

2025-05-04T07:47:19.184Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-53003 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-53003.

URL Resource
https://git.kernel.org/stable/c/66e10d5f399629ef7877304d9ba2b35d0474e7eb cve-icon cve-icon
https://git.kernel.org/stable/c/6f0351d0c311951b8b3064db91e61841e85b2b96 cve-icon cve-icon
https://git.kernel.org/stable/c/76d9ebb7f0bc10fbc78b6d576751552edf743968 cve-icon cve-icon
https://git.kernel.org/stable/c/977c6ba624f24ae20cf0faee871257a39348d4a9 cve-icon cve-icon
https://git.kernel.org/stable/c/bff5243bd32661cf9ce66f6d9210fc8f89bda145 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025032712-CVE-2023-53003-8256@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53003 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53003 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact