SB2024060467 - Use-after-free in Linux kernel input rmi4 driver
Published: June 4, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060467
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-52840)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f
- https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff
- https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5
- https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2
- https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f
- https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683
- https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585
- https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.299
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.139
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.261
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7