Posted on March 6

Red Hat: CVE-2023-52840: kernel: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Multiple Advisories)

Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published: 05/21/2024
Created: 09/26/2024
Added: 09/25/2024
Modified: 01/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. Move the put_device() to the end to fix this.

Solution(s)

redhat-upgrade-kernel
redhat-upgrade-kernel-rt

References

CVE-2023-52840
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024:9315
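
The ordering problem in the description, modelled in userspace C as an added example (not kernel or Red Hat code): `model_fn`, `model_put()` and the two `unregister_*` functions are hypothetical stand-ins for `fn`, `put_device()` and `rmi_unregister_function()`, and the per-IRQ loop is an assumed use of `num_of_irqs`. The put-first variant counts the stale read instead of performing it, so the program stays well defined.

```c
#include <stdlib.h>

/* Userspace model of a refcounted object; every name here is hypothetical. */
struct model_fn { int refcount; int num_of_irqs; };

static int live_objects;   /* objects allocated and not yet freed */
static int irqs_torn_down; /* per-IRQ cleanup steps completed */
static int stale_reads;    /* reads that would have hit freed memory */

static struct model_fn *model_alloc(int num_of_irqs)
{
    struct model_fn *fn = calloc(1, sizeof(*fn));
    if (!fn) abort();
    fn->refcount = 1;
    fn->num_of_irqs = num_of_irqs;
    live_objects++;
    return fn;
}

/* Plays the role of put_device(): dropping the last reference runs the
 * release step, which frees the object. Returns 1 if the object was freed. */
static int model_put(struct model_fn *fn)
{
    if (--fn->refcount > 0)
        return 0;
    live_objects--;
    free(fn);
    return 1;
}

/* Order before the fix: the reference is dropped first. The model counts the
 * read of num_of_irqs instead of performing it on freed memory. */
static void unregister_put_first(struct model_fn *fn)
{
    if (model_put(fn)) {
        stale_reads++;   /* fn->num_of_irqs would be read after free */
        return;
    }
    for (int i = 0; i < fn->num_of_irqs; i++)
        irqs_torn_down++;
}

/* Order after the fix: every use of fn happens before the final put. */
static void unregister_put_last(struct model_fn *fn)
{
    for (int i = 0; i < fn->num_of_irqs; i++)
        irqs_torn_down++;
    model_put(fn);
}
```

When another holder still owns a reference, the put-first order happens to work, which is why this class of bug can pass casual testing and only surfaces when the unregister path drops the last reference.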