5906 – [ANCK 5.10] fix CVE-2023-35828

Bug 5906 - [ANCK 5.10] fix CVE-2023-35828

Summary: [ANCK 5.10] fix CVE-2023-35828

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Duplicates (1):	7004 (view as bug list)
Depends on:
Blocks:

Reported:	2023-07-18 11:10 UTC by zhujun
Modified:	2023-10-20 15:09 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zhujun cmss_group

2023-07-18 11:10:02 UTC

一、漏洞信息
漏洞编号：CVE-2023-35828
漏洞归属组件： usb
漏洞归属的版本：kernel 6.3.2 之前
CVSS V3.0分值：7.0
漏洞简述：
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
 
NVD Published Date:
06/18/2023
NVD Last Modified:
06/26/2023

漏洞详情参考链接：https://nvd.nist.gov/vuln/detail/CVE-2023-35828

二 漏洞解决
    因涉kernel 6.3.2 之前，故cloud Linux kernel 5.10需要更新，社区补丁：
    
    1、commit 36c237b202a406ba441892eabcf44e60dae7ad73 
    git cherry-pick -s 36c237b202a4 （with linux-stable v5.10.180 repo added）

Comment 1 小龙 admin

2023-07-18 11:26:25 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1912

Comment 2 小龙 admin

2023-07-24 14:00:39 UTC

PR: 
https://gitee.com/anolis/cloud-kernel/pulls/1912

Comment 3 maqiao alibaba_cloud_group

2023-10-20 15:09:00 UTC

*** Bug 7004 has been marked as a duplicate of this bug. ***