[{"vendor":"linux","product":"linux_kernel","defaultStatus":"unknown","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"versions":[{"version":"9f5e8eee5cfe","lessThan":"610dbd8ac271","versionType":"custom","status":"affected"},{"version":"9f5e8eee5cfe","lessThan":"246f80a0b17f","versionType":"custom","status":"affected"},{"version":"2.6.20","status":"affected"},{"version":"0","lessThan":"2.6.20","versionType":"custom","status":"unaffected"},{"version":"6.54","lessThanOrEqual":"6.6","versionType":"custom","status":"unaffected"},{"version":"0","lessThanOrEqual":"6.6","versionType":"custom","status":"unaffected"}]}]

{"timestamp":"2024-04-01T17:41:22.649775Z","id":"CVE-2023-52629","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/sh/drivers/push-switch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9f5e8eee5cfe1328660c71812d87c2a67bda389f","lessThan":"610dbd8ac271aa36080aac50b928d700ee3fe4de","versionType":"git","status":"affected"},{"version":"9f5e8eee5cfe1328660c71812d87c2a67bda389f","lessThan":"246f80a0b17f8f582b2c0996db02998239057c65","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/sh/drivers/push-switch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.20","status":"affected"},{"version":"0","lessThan":"2.6.20","versionType":"semver","status":"unaffected"},{"version":"6.5.4","lessThanOrEqual":"6.5.*","versionType":"semver","status":"unaffected"},{"version":"6.6","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.20 up to (excluding) 6.5.4

CVE: https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65 Types: Patch

CVE: https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de Types: Patch

kernel.org: https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65 Types: Patch

kernel.org: https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de Types: Patch

https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65

https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de

CISA-ADP AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA-ADP CWE-416

In the Linux kernel, the following vulnerability has been resolved:

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

The original code puts flush_work() before timer_shutdown_sync()
in switch_drv_remove(). Although we use flush_work() to stop
the worker, it could be rescheduled in switch_timer(). As a result,
a use-after-free bug can occur. The details are shown below:

      (cpu 0)                    |      (cpu 1)
switch_drv_remove()              |
 flush_work()                    |
  ...                            |  switch_timer // timer
                                 |   schedule_work(&psw->work)
 timer_shutdown_sync()           |
 ...                             |  switch_work_handler // worker
 kfree(psw) // free              |
                                 |   psw->state = 0 // use

This patch puts timer_shutdown_sync() before flush_work() to
mitigate the bugs. As a result, the worker and timer will be
stopped safely before the deallocate operations.

kernel.org https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65 [No types assigned]

kernel.org https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de [No types assigned]