github - ghsa-6jgm-8895-m249

GHSA-6JGM-8895-M249

Vulnerability from github – Published: 2025-12-30 15:30 – Updated: 2025-12-30 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

media: usb: siano: Fix use after free bugs caused by do_submit_urb

There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below:

[ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584 [ 36.416157] Workqueue: 0x0 (events) [ 36.417654] Call Trace: [ 36.418546] [ 36.419320] dump_stack_lvl+0x96/0xd0 [ 36.420522] print_address_description+0x75/0x350 [ 36.421992] print_report+0x11b/0x250 [ 36.423174] ? _raw_spin_lock_irqsave+0x87/0xd0 [ 36.424806] ? __virt_addr_valid+0xcf/0x170 [ 36.426069] ? worker_thread+0x4a2/0x890 [ 36.427355] kasan_report+0x131/0x160 [ 36.428556] ? worker_thread+0x4a2/0x890 [ 36.430053] worker_thread+0x4a2/0x890 [ 36.431297] ? worker_clr_flags+0x90/0x90 [ 36.432479] kthread+0x166/0x190 [ 36.433493] ? kthread_blkcg+0x50/0x50 [ 36.434669] ret_from_fork+0x22/0x30 [ 36.435923] [ 36.436684] [ 36.437215] Allocated by task 24: [ 36.438289] kasan_set_track+0x50/0x80 [ 36.439436] __kasan_kmalloc+0x89/0xa0 [ 36.440566] smsusb_probe+0x374/0xc90 [ 36.441920] usb_probe_interface+0x2d1/0x4c0 [ 36.443253] really_probe+0x1d5/0x580 [ 36.444539] __driver_probe_device+0xe3/0x130 [ 36.446085] driver_probe_device+0x49/0x220 [ 36.447423] __device_attach_driver+0x19e/0x1b0 [ 36.448931] bus_for_each_drv+0xcb/0x110 [ 36.450217] __device_attach+0x132/0x1f0 [ 36.451470] bus_probe_device+0x59/0xf0 [ 36.452563] device_add+0x4ec/0x7b0 [ 36.453830] usb_set_configuration+0xc63/0xe10 [ 36.455230] usb_generic_driver_probe+0x3b/0x80 [ 36.456166] printk: console [ttyGS0] disabled [ 36.456569] usb_probe_device+0x90/0x110 [ 36.459523] really_probe+0x1d5/0x580 [ 36.461027] __driver_probe_device+0xe3/0x130 [ 36.462465] driver_probe_device+0x49/0x220 [ 36.463847] __device_attach_driver+0x19e/0x1b0 [ 36.465229] bus_for_each_drv+0xcb/0x110 [ 36.466466] __device_attach+0x132/0x1f0 [ 36.467799] bus_probe_device+0x59/0xf0 [ 36.469010] device_add+0x4ec/0x7b0 [ 36.470125] usb_new_device+0x863/0xa00 [ 36.471374] hub_event+0x18c7/0x2220 [ 36.472746] process_one_work+0x34c/0x5b0 [ 36.474041] worker_thread+0x4b7/0x890 [ 36.475216] kthread+0x166/0x190 [ 36.476267] ret_from_fork+0x22/0x30 [ 36.477447] [ 36.478160] Freed by task 24: [ 36.479239] kasan_set_track+0x50/0x80 [ 36.480512] kasan_save_free_info+0x2b/0x40 [ 36.481808] _kasanslab_free+0x122/0x1a0 [ 36.483173] kmem_cache_free+0xc4/0x200 [ 36.484563] smsusb_term_device+0xcd/0xf0 [ 36.485896] smsusb_probe+0xc85/0xc90 [ 36.486976] usb_probe_interface+0x2d1/0x4c0 [ 36.488303] really_probe+0x1d5/0x580 [ 36.489498] __driver_probe_device+0xe3/0x130 [ 36.491140] driver_probe_device+0x49/0x220 [ 36.492475] __device_attach_driver+0x19e/0x1b0 [ 36.493988] bus_for_each_drv+0xcb/0x110 [ 36.495171] __device_attach+0x132/0x1f0 [ 36.496617] bus_probe_device+0x59/0xf0 [ 36.497875] device_add+0x4ec/0x7b0 [ 36.498972] usb_set_configuration+0xc63/0xe10 [ 36.500264] usb_generic_driver_probe+0x3b/0x80 [ 36.501740] usb_probe_device+0x90/0x110 [ 36.503084] really_probe+0x1d5/0x580 [ 36.504241] __driver_probe_device+0xe3/0x130 [ 36.505548] driver_probe_device+0x49/0x220 [ 36.506766] __device_attach_driver+0x19e/0x1b0 [ 36.508368] bus_for_each_drv+0xcb/0x110 [ 36.509646] __device_attach+0x132/0x1f0 [ 36.510911] bus_probe_device+0x59/0xf0 [ 36.512103] device_add+0x4ec/0x7b0 [ 36.513215] usb_new_device+0x863/0xa00 [ 36.514736] hub_event+0x18c7/0x2220 [ 36.516130] process_one_work+ ---truncated---

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-54270"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T13:16:15Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: siano: Fix use after free bugs caused by do_submit_urb\n\nThere are UAF bugs caused by do_submit_urb(). One of the KASan reports\nis shown below:\n\n[   36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890\n[   36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49\n[   36.408316]\n[   36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8\n[   36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584\n[   36.416157] Workqueue:  0x0 (events)\n[   36.417654] Call Trace:\n[   36.418546]  \u003cTASK\u003e\n[   36.419320]  dump_stack_lvl+0x96/0xd0\n[   36.420522]  print_address_description+0x75/0x350\n[   36.421992]  print_report+0x11b/0x250\n[   36.423174]  ? _raw_spin_lock_irqsave+0x87/0xd0\n[   36.424806]  ? __virt_addr_valid+0xcf/0x170\n[   36.426069]  ? worker_thread+0x4a2/0x890\n[   36.427355]  kasan_report+0x131/0x160\n[   36.428556]  ? worker_thread+0x4a2/0x890\n[   36.430053]  worker_thread+0x4a2/0x890\n[   36.431297]  ? worker_clr_flags+0x90/0x90\n[   36.432479]  kthread+0x166/0x190\n[   36.433493]  ? kthread_blkcg+0x50/0x50\n[   36.434669]  ret_from_fork+0x22/0x30\n[   36.435923]  \u003c/TASK\u003e\n[   36.436684]\n[   36.437215] Allocated by task 24:\n[   36.438289]  kasan_set_track+0x50/0x80\n[   36.439436]  __kasan_kmalloc+0x89/0xa0\n[   36.440566]  smsusb_probe+0x374/0xc90\n[   36.441920]  usb_probe_interface+0x2d1/0x4c0\n[   36.443253]  really_probe+0x1d5/0x580\n[   36.444539]  __driver_probe_device+0xe3/0x130\n[   36.446085]  driver_probe_device+0x49/0x220\n[   36.447423]  __device_attach_driver+0x19e/0x1b0\n[   36.448931]  bus_for_each_drv+0xcb/0x110\n[   36.450217]  __device_attach+0x132/0x1f0\n[   36.451470]  bus_probe_device+0x59/0xf0\n[   36.452563]  device_add+0x4ec/0x7b0\n[   36.453830]  usb_set_configuration+0xc63/0xe10\n[   36.455230]  usb_generic_driver_probe+0x3b/0x80\n[   36.456166] printk: console [ttyGS0] disabled\n[   36.456569]  usb_probe_device+0x90/0x110\n[   36.459523]  really_probe+0x1d5/0x580\n[   36.461027]  __driver_probe_device+0xe3/0x130\n[   36.462465]  driver_probe_device+0x49/0x220\n[   36.463847]  __device_attach_driver+0x19e/0x1b0\n[   36.465229]  bus_for_each_drv+0xcb/0x110\n[   36.466466]  __device_attach+0x132/0x1f0\n[   36.467799]  bus_probe_device+0x59/0xf0\n[   36.469010]  device_add+0x4ec/0x7b0\n[   36.470125]  usb_new_device+0x863/0xa00\n[   36.471374]  hub_event+0x18c7/0x2220\n[   36.472746]  process_one_work+0x34c/0x5b0\n[   36.474041]  worker_thread+0x4b7/0x890\n[   36.475216]  kthread+0x166/0x190\n[   36.476267]  ret_from_fork+0x22/0x30\n[   36.477447]\n[   36.478160] Freed by task 24:\n[   36.479239]  kasan_set_track+0x50/0x80\n[   36.480512]  kasan_save_free_info+0x2b/0x40\n[   36.481808]  ____kasan_slab_free+0x122/0x1a0\n[   36.483173]  __kmem_cache_free+0xc4/0x200\n[   36.484563]  smsusb_term_device+0xcd/0xf0\n[   36.485896]  smsusb_probe+0xc85/0xc90\n[   36.486976]  usb_probe_interface+0x2d1/0x4c0\n[   36.488303]  really_probe+0x1d5/0x580\n[   36.489498]  __driver_probe_device+0xe3/0x130\n[   36.491140]  driver_probe_device+0x49/0x220\n[   36.492475]  __device_attach_driver+0x19e/0x1b0\n[   36.493988]  bus_for_each_drv+0xcb/0x110\n[   36.495171]  __device_attach+0x132/0x1f0\n[   36.496617]  bus_probe_device+0x59/0xf0\n[   36.497875]  device_add+0x4ec/0x7b0\n[   36.498972]  usb_set_configuration+0xc63/0xe10\n[   36.500264]  usb_generic_driver_probe+0x3b/0x80\n[   36.501740]  usb_probe_device+0x90/0x110\n[   36.503084]  really_probe+0x1d5/0x580\n[   36.504241]  __driver_probe_device+0xe3/0x130\n[   36.505548]  driver_probe_device+0x49/0x220\n[   36.506766]  __device_attach_driver+0x19e/0x1b0\n[   36.508368]  bus_for_each_drv+0xcb/0x110\n[   36.509646]  __device_attach+0x132/0x1f0\n[   36.510911]  bus_probe_device+0x59/0xf0\n[   36.512103]  device_add+0x4ec/0x7b0\n[   36.513215]  usb_new_device+0x863/0xa00\n[   36.514736]  hub_event+0x18c7/0x2220\n[   36.516130]  process_one_work+\n---truncated---",
  "id": "GHSA-6jgm-8895-m249",
  "modified": "2025-12-30T15:30:34Z",
  "published": "2025-12-30T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54270"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/114f768e7314ca9e1fdbebe11267c4403e89e7f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1477b00ff582970df110fc9e15a5e2021acb9222"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19aadf0eb70edae7180285dbb9bfa237d1ddb34d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/42f8ba8355682f6c4125b75503cac0cef4ac91d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/479796534a450fd44189080d51bebefa3b42c6fc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a41bb59eff7a58a6772f84a5b70ad7ec26dad074"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c379272ea9c2ee36f0a1327b0fb8889c975093f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ebad8e731c1c06adf04621d6fd327b860c0861b5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2023-54270 (GCVE-0-2023-54270)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:16 – Updated: 2025-12-30 12:16

Title

media: usb: siano: Fix use after free bugs caused by do_submit_urb

Summary

In the Linux kernel, the following vulnerability has been resolved: media: usb: siano: Fix use after free bugs caused by do_submit_urb There are UAF bugs caused by do_submit_urb(). One of the KASan reports is shown below: [ 36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890 [ 36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49 [ 36.408316] [ 36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8 [ 36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584 [ 36.416157] Workqueue: 0x0 (events) [ 36.417654] Call Trace: [ 36.418546] <TASK> [ 36.419320] dump_stack_lvl+0x96/0xd0 [ 36.420522] print_address_description+0x75/0x350 [ 36.421992] print_report+0x11b/0x250 [ 36.423174] ? _raw_spin_lock_irqsave+0x87/0xd0 [ 36.424806] ? __virt_addr_valid+0xcf/0x170 [ 36.426069] ? worker_thread+0x4a2/0x890 [ 36.427355] kasan_report+0x131/0x160 [ 36.428556] ? worker_thread+0x4a2/0x890 [ 36.430053] worker_thread+0x4a2/0x890 [ 36.431297] ? worker_clr_flags+0x90/0x90 [ 36.432479] kthread+0x166/0x190 [ 36.433493] ? kthread_blkcg+0x50/0x50 [ 36.434669] ret_from_fork+0x22/0x30 [ 36.435923] </TASK> [ 36.436684] [ 36.437215] Allocated by task 24: [ 36.438289] kasan_set_track+0x50/0x80 [ 36.439436] __kasan_kmalloc+0x89/0xa0 [ 36.440566] smsusb_probe+0x374/0xc90 [ 36.441920] usb_probe_interface+0x2d1/0x4c0 [ 36.443253] really_probe+0x1d5/0x580 [ 36.444539] __driver_probe_device+0xe3/0x130 [ 36.446085] driver_probe_device+0x49/0x220 [ 36.447423] __device_attach_driver+0x19e/0x1b0 [ 36.448931] bus_for_each_drv+0xcb/0x110 [ 36.450217] __device_attach+0x132/0x1f0 [ 36.451470] bus_probe_device+0x59/0xf0 [ 36.452563] device_add+0x4ec/0x7b0 [ 36.453830] usb_set_configuration+0xc63/0xe10 [ 36.455230] usb_generic_driver_probe+0x3b/0x80 [ 36.456166] printk: console [ttyGS0] disabled [ 36.456569] usb_probe_device+0x90/0x110 [ 36.459523] really_probe+0x1d5/0x580 [ 36.461027] __driver_probe_device+0xe3/0x130 [ 36.462465] driver_probe_device+0x49/0x220 [ 36.463847] __device_attach_driver+0x19e/0x1b0 [ 36.465229] bus_for_each_drv+0xcb/0x110 [ 36.466466] __device_attach+0x132/0x1f0 [ 36.467799] bus_probe_device+0x59/0xf0 [ 36.469010] device_add+0x4ec/0x7b0 [ 36.470125] usb_new_device+0x863/0xa00 [ 36.471374] hub_event+0x18c7/0x2220 [ 36.472746] process_one_work+0x34c/0x5b0 [ 36.474041] worker_thread+0x4b7/0x890 [ 36.475216] kthread+0x166/0x190 [ 36.476267] ret_from_fork+0x22/0x30 [ 36.477447] [ 36.478160] Freed by task 24: [ 36.479239] kasan_set_track+0x50/0x80 [ 36.480512] kasan_save_free_info+0x2b/0x40 [ 36.481808] ____kasan_slab_free+0x122/0x1a0 [ 36.483173] __kmem_cache_free+0xc4/0x200 [ 36.484563] smsusb_term_device+0xcd/0xf0 [ 36.485896] smsusb_probe+0xc85/0xc90 [ 36.486976] usb_probe_interface+0x2d1/0x4c0 [ 36.488303] really_probe+0x1d5/0x580 [ 36.489498] __driver_probe_device+0xe3/0x130 [ 36.491140] driver_probe_device+0x49/0x220 [ 36.492475] __device_attach_driver+0x19e/0x1b0 [ 36.493988] bus_for_each_drv+0xcb/0x110 [ 36.495171] __device_attach+0x132/0x1f0 [ 36.496617] bus_probe_device+0x59/0xf0 [ 36.497875] device_add+0x4ec/0x7b0 [ 36.498972] usb_set_configuration+0xc63/0xe10 [ 36.500264] usb_generic_driver_probe+0x3b/0x80 [ 36.501740] usb_probe_device+0x90/0x110 [ 36.503084] really_probe+0x1d5/0x580 [ 36.504241] __driver_probe_device+0xe3/0x130 [ 36.505548] driver_probe_device+0x49/0x220 [ 36.506766] __device_attach_driver+0x19e/0x1b0 [ 36.508368] bus_for_each_drv+0xcb/0x110 [ 36.509646] __device_attach+0x132/0x1f0 [ 36.510911] bus_probe_device+0x59/0xf0 [ 36.512103] device_add+0x4ec/0x7b0 [ 36.513215] usb_new_device+0x863/0xa00 [ 36.514736] hub_event+0x18c7/0x2220 [ 36.516130] process_one_work+ ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c379272ea9c2ee36f…
	https://git.kernel.org/stable/c/1477b00ff582970df…
	https://git.kernel.org/stable/c/a41bb59eff7a58a67…
	https://git.kernel.org/stable/c/42f8ba8355682f6c4…
	https://git.kernel.org/stable/c/114f768e7314ca9e1…
	https://git.kernel.org/stable/c/479796534a450fd44…
	https://git.kernel.org/stable/c/19aadf0eb70edae71…
	https://git.kernel.org/stable/c/ebad8e731c1c06adf…

Impacted products

Vendor

Product

Version

Linux

Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < c379272ea9c2ee36f0a1327b0fb8889c975093f7 (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < 1477b00ff582970df110fc9e15a5e2021acb9222 (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < a41bb59eff7a58a6772f84a5b70ad7ec26dad074 (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < 42f8ba8355682f6c4125b75503cac0cef4ac91d3 (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < 114f768e7314ca9e1fdbebe11267c4403e89e7f2 (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < 479796534a450fd44189080d51bebefa3b42c6fc (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < 19aadf0eb70edae7180285dbb9bfa237d1ddb34d (git)
Affected: dd47fbd40e6ea6884e295e13a2e50b0894258fdf , < ebad8e731c1c06adf04621d6fd327b860c0861b5 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 4.14.308 , ≤ 4.14.* (semver)
Unaffected: 4.19.276 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/siano/smsusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c379272ea9c2ee36f0a1327b0fb8889c975093f7",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "1477b00ff582970df110fc9e15a5e2021acb9222",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "a41bb59eff7a58a6772f84a5b70ad7ec26dad074",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "42f8ba8355682f6c4125b75503cac0cef4ac91d3",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "114f768e7314ca9e1fdbebe11267c4403e89e7f2",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "479796534a450fd44189080d51bebefa3b42c6fc",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "19aadf0eb70edae7180285dbb9bfa237d1ddb34d",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            },
            {
              "lessThan": "ebad8e731c1c06adf04621d6fd327b860c0861b5",
              "status": "affected",
              "version": "dd47fbd40e6ea6884e295e13a2e50b0894258fdf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/siano/smsusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usb: siano: Fix use after free bugs caused by do_submit_urb\n\nThere are UAF bugs caused by do_submit_urb(). One of the KASan reports\nis shown below:\n\n[   36.403605] BUG: KASAN: use-after-free in worker_thread+0x4a2/0x890\n[   36.406105] Read of size 8 at addr ffff8880059600e8 by task kworker/0:2/49\n[   36.408316]\n[   36.408867] CPU: 0 PID: 49 Comm: kworker/0:2 Not tainted 6.2.0-rc3-15798-g5a41237ad1d4-dir8\n[   36.411696] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g15584\n[   36.416157] Workqueue:  0x0 (events)\n[   36.417654] Call Trace:\n[   36.418546]  \u003cTASK\u003e\n[   36.419320]  dump_stack_lvl+0x96/0xd0\n[   36.420522]  print_address_description+0x75/0x350\n[   36.421992]  print_report+0x11b/0x250\n[   36.423174]  ? _raw_spin_lock_irqsave+0x87/0xd0\n[   36.424806]  ? __virt_addr_valid+0xcf/0x170\n[   36.426069]  ? worker_thread+0x4a2/0x890\n[   36.427355]  kasan_report+0x131/0x160\n[   36.428556]  ? worker_thread+0x4a2/0x890\n[   36.430053]  worker_thread+0x4a2/0x890\n[   36.431297]  ? worker_clr_flags+0x90/0x90\n[   36.432479]  kthread+0x166/0x190\n[   36.433493]  ? kthread_blkcg+0x50/0x50\n[   36.434669]  ret_from_fork+0x22/0x30\n[   36.435923]  \u003c/TASK\u003e\n[   36.436684]\n[   36.437215] Allocated by task 24:\n[   36.438289]  kasan_set_track+0x50/0x80\n[   36.439436]  __kasan_kmalloc+0x89/0xa0\n[   36.440566]  smsusb_probe+0x374/0xc90\n[   36.441920]  usb_probe_interface+0x2d1/0x4c0\n[   36.443253]  really_probe+0x1d5/0x580\n[   36.444539]  __driver_probe_device+0xe3/0x130\n[   36.446085]  driver_probe_device+0x49/0x220\n[   36.447423]  __device_attach_driver+0x19e/0x1b0\n[   36.448931]  bus_for_each_drv+0xcb/0x110\n[   36.450217]  __device_attach+0x132/0x1f0\n[   36.451470]  bus_probe_device+0x59/0xf0\n[   36.452563]  device_add+0x4ec/0x7b0\n[   36.453830]  usb_set_configuration+0xc63/0xe10\n[   36.455230]  usb_generic_driver_probe+0x3b/0x80\n[   36.456166] printk: console [ttyGS0] disabled\n[   36.456569]  usb_probe_device+0x90/0x110\n[   36.459523]  really_probe+0x1d5/0x580\n[   36.461027]  __driver_probe_device+0xe3/0x130\n[   36.462465]  driver_probe_device+0x49/0x220\n[   36.463847]  __device_attach_driver+0x19e/0x1b0\n[   36.465229]  bus_for_each_drv+0xcb/0x110\n[   36.466466]  __device_attach+0x132/0x1f0\n[   36.467799]  bus_probe_device+0x59/0xf0\n[   36.469010]  device_add+0x4ec/0x7b0\n[   36.470125]  usb_new_device+0x863/0xa00\n[   36.471374]  hub_event+0x18c7/0x2220\n[   36.472746]  process_one_work+0x34c/0x5b0\n[   36.474041]  worker_thread+0x4b7/0x890\n[   36.475216]  kthread+0x166/0x190\n[   36.476267]  ret_from_fork+0x22/0x30\n[   36.477447]\n[   36.478160] Freed by task 24:\n[   36.479239]  kasan_set_track+0x50/0x80\n[   36.480512]  kasan_save_free_info+0x2b/0x40\n[   36.481808]  ____kasan_slab_free+0x122/0x1a0\n[   36.483173]  __kmem_cache_free+0xc4/0x200\n[   36.484563]  smsusb_term_device+0xcd/0xf0\n[   36.485896]  smsusb_probe+0xc85/0xc90\n[   36.486976]  usb_probe_interface+0x2d1/0x4c0\n[   36.488303]  really_probe+0x1d5/0x580\n[   36.489498]  __driver_probe_device+0xe3/0x130\n[   36.491140]  driver_probe_device+0x49/0x220\n[   36.492475]  __device_attach_driver+0x19e/0x1b0\n[   36.493988]  bus_for_each_drv+0xcb/0x110\n[   36.495171]  __device_attach+0x132/0x1f0\n[   36.496617]  bus_probe_device+0x59/0xf0\n[   36.497875]  device_add+0x4ec/0x7b0\n[   36.498972]  usb_set_configuration+0xc63/0xe10\n[   36.500264]  usb_generic_driver_probe+0x3b/0x80\n[   36.501740]  usb_probe_device+0x90/0x110\n[   36.503084]  really_probe+0x1d5/0x580\n[   36.504241]  __driver_probe_device+0xe3/0x130\n[   36.505548]  driver_probe_device+0x49/0x220\n[   36.506766]  __device_attach_driver+0x19e/0x1b0\n[   36.508368]  bus_for_each_drv+0xcb/0x110\n[   36.509646]  __device_attach+0x132/0x1f0\n[   36.510911]  bus_probe_device+0x59/0xf0\n[   36.512103]  device_add+0x4ec/0x7b0\n[   36.513215]  usb_new_device+0x863/0xa00\n[   36.514736]  hub_event+0x18c7/0x2220\n[   36.516130]  process_one_work+\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:16:00.990Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c379272ea9c2ee36f0a1327b0fb8889c975093f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1477b00ff582970df110fc9e15a5e2021acb9222"
        },
        {
          "url": "https://git.kernel.org/stable/c/a41bb59eff7a58a6772f84a5b70ad7ec26dad074"
        },
        {
          "url": "https://git.kernel.org/stable/c/42f8ba8355682f6c4125b75503cac0cef4ac91d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/114f768e7314ca9e1fdbebe11267c4403e89e7f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/479796534a450fd44189080d51bebefa3b42c6fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/19aadf0eb70edae7180285dbb9bfa237d1ddb34d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebad8e731c1c06adf04621d6fd327b860c0861b5"
        }
      ],
      "title": "media: usb: siano: Fix use after free bugs caused by do_submit_urb",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54270",
    "datePublished": "2025-12-30T12:16:00.990Z",
    "dateReserved": "2025-12-30T12:06:44.519Z",
    "dateUpdated": "2025-12-30T12:16:00.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-6JGM-8895-M249

CVE-2023-54270 (GCVE-0-2023-54270)

Tags

Sightings

Nomenclature