Bug 1212503 (CVE-2023-35825)

Summary:	VUL-0: CVE-2023-35825: kernel-source,kernel-source-rt,kernel-source-azure: Use-after-free was found in r592_remove in drivers/memstick/host/r592.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Cathy Hu <cathy.hu>
Component:	Incidents	Assignee:	Kernel Bugs <kernel-bugs>
Status:	RESOLVED DUPLICATE	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	security-team, tiwai
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/369822/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Cathy Hu 2023-06-19 09:38:11 UTC

CVE-2023-35825

An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was
found in r592_remove in drivers/memstick/host/r592.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35825
https://www.cve.org/CVERecord?id=CVE-2023-35825
http://www.cvedetails.com/cve/CVE-2023-35825/
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7
https://lore.kernel.org/all/20230523164950.435226211@linuxfoundation.org/
https://lore.kernel.org/lkml/20230501030540.3254928-4-sashal@kernel.org/

Comment 1 Cathy Hu 2023-06-19 09:43:18 UTC

I think this is a duplicate to CVE-2023-3141:
https://bugzilla.suse.com/show_bug.cgi?id=1212129

i will file a duplication request at mitre

*** This bug has been marked as a duplicate of bug 1212129 ***