CVE-2023-53314

Summary

In the Linux kernel, the following vulnerability has been resolved:

fbdev/ep93xx-fb: Do not assign to struct fb_info.dev

Do not assing the Linux device to struct fb_info.dev. The call to register_framebuffer() initializes the field to the fbdev device. Drivers should not override its value.

Fixes a bug where the driver incorrectly decreases the hardware device's reference counter and leaks the fbdev device.

v2: * add Fixes tag (Dan)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < ffdf2b020db717853167391a3a8d912e13428fa6affected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < 1c6ff2a7c593db851f23e31ace2baf557ea9d0ffaffected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < 8ffa40ff64aa43a9a28fcf209b48d86a3e0f4972affected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < 4aade6c9100a3537788b6a9c7ac481037d19efdfaffected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < 309c27162afea79b3c7f8747bb650faf6923b639affected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < f83c1b13f8154e0284448912756d0a351a1a602aaffected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < 0517fc5a71333b315164736bbd32608894fbb872affected
LinuxLinux88017bda96a5fd568a982b01546c8fb1782dda62 < f90a0e5265b60cdd3c77990e8105f79aa2fac994affected
LinuxLinux2.6.32affected
LinuxLinux0 < 2.6.32unaffected
LinuxLinux4.14.326 <= 4.14.*unaffected
LinuxLinux4.19.295 <= 4.19.*unaffected
LinuxLinux5.4.257 <= 5.4.*unaffected
LinuxLinux5.10.195 <= 5.10.*unaffected
LinuxLinux5.15.132 <= 5.15.*unaffected
LinuxLinux6.1.54 <= 6.1.*unaffected
LinuxLinux6.5.4 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References