Use-after-free in CAN BCM subsystem leading to information disclosure (CVE-2023-52922)

allelesecurity.com

Use-after-free in CAN BCM subsystem leading to information disclosure (CVE-2023-52922)

allelesecurity.com

RSS BotMB to Lobste.rsEnglish · 2 days ago

In 2024, our research team noticed and wrote proofs of concept for a use-after-free vulnerability affecting the latest Red Hat Enterprise Linux 9 (RHEL 9). At the time, kernel version 5.14.0-503.15.1.el9_5. The vulnerability had been fixed on the Linux kernel upstream on July 17, 2023 [1][2]. After we reported it, it was backported to Red Hat Enterprise Linux 9 on March 11, 2025 [3], in the kernel version 5.14.0-503.31.1.el9_5.

Comments

You must log in or register to comment.

Chat