{"uuid": "48c5ba67-b6fd-4c13-8729-f99970b7c8ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-52907", "type": "seen", "source": "https://t.me/cvedetector/3753", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2023-52907 - \"Linux Kernel NFC PN533 USB Use-After-Free Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2023-52907 \nPublished : Aug. 21, 2024, 7:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nnfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() \n \nFix a use-after-free that occurs in hcd when in_urb sent from \npn533_usb_send_frame() is completed earlier than out_urb. Its callback \nfrees the skb data in pn533_send_async_complete() that is used as a \ntransfer buffer of out_urb. Wait before sending in_urb until the \ncallback of out_urb is called. To modify the callback of out_urb alone, \nseparate the complete function of out_urb and ack_urb. \n \nFound by a modified version of syzkaller. \n \nBUG: KASAN: use-after-free in dummy_timer \nCall Trace: \n memcpy (mm/kasan/shadow.c:65) \n dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352) \n transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453) \n dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972) \n arch_static_branch (arch/x86/include/asm/jump_label.h:27) \n static_key_false (include/linux/jump_label.h:207) \n timer_expire_exit (include/trace/events/timer.h:127) \n call_timer_fn (kernel/time/timer.c:1475) \n expire_timers (kernel/time/timer.c:1519) \n __run_timers (kernel/time/timer.c:1790) \n run_timer_softirq (kernel/time/timer.c:1803) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-21T09:52:20.000000Z"}