{"id":"CVE-2023-52509","summary":"ravb: Fix use-after-free issue in ravb_tx_timeout_work()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix use-after-free issue in ravb_tx_timeout_work()\n\nThe ravb_stop() should call cancel_work_sync(). Otherwise,\nravb_tx_timeout_work() is possible to use the freed priv after\nravb_remove() was called like below:\n\nCPU0\t\t\tCPU1\n\t\t\travb_tx_timeout()\nravb_remove()\nunregister_netdev()\nfree_netdev(ndev)\n// free priv\n\t\t\travb_tx_timeout_work()\n\t\t\t// use priv\n\nunregister_netdev() will call .ndo_stop() so that ravb_stop() is\ncalled. And, after phy_stop() is called, netif_carrier_off()\nis also called. So that .ndo_tx_timeout() will not be called\nafter phy_stop().","modified":"2026-04-02T09:42:55.312211Z","published":"2024-03-02T21:52:22.006Z","related":["SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1454-1","SUSE-SU-2024:1465-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1870-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52509.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89"},{"type":"WEB","url":"https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52509.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52509"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c156633f1353264634135dea86ffcae74f2122fc"},{"fixed":"65d34cfd4e347054eb4193bc95d9da7eaa72dee5"},{"fixed":"db9aafa19547833240f58c2998aed7baf414dc82"},{"fixed":"616761cf9df9af838c0a1a1232a69322a9eb67e6"},{"fixed":"6f6fa8061f756aedb93af12a8a5d3cf659127965"},{"fixed":"105abd68ad8f781985113aee2e92e0702b133705"},{"fixed":"3971442870713de527684398416970cf025b4f89"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52509.json"}}],"schema_version":"1.7.5"}