5907 – [ANCK 5.10] fix CVE-2023-35824

Bug 5907 - [ANCK 5.10] fix CVE-2023-35824

Summary: [ANCK 5.10] fix CVE-2023-35824

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Duplicates (1):	7015 (view as bug list)
Depends on:
Blocks:

Reported:	2023-07-18 16:00 UTC by zhujun
Modified:	2023-10-20 15:25 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zhujun cmss_group

2023-07-18 16:00:23 UTC

一、漏洞信息
漏洞编号：CVE-2023-35824
漏洞归属组件： pci
漏洞归属的版本：kernel 6.3.2 之前
CVSS V3.0分值：7.0
漏洞简述：
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
 
NVD Published Date:
06/18/2023
NVD Last Modified:
06/26/2023

漏洞详情参考链接：https://nvd.nist.gov/vuln/detail/CVE-2023-35824

二 漏洞解决
    因涉kernel 6.3.2 之前，故cloud Linux kernel 5.10需要更新，社区补丁：
    
    1、commit e9d64e90a0ada4d00ac6562e351ef10ae7d9b911 
    git cherry-pick -s e9d64e90a0a （with linux-stable v5.10.180 repo added）

Comment 1 小龙 admin

2023-07-18 16:43:22 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1915

Comment 2 GuixinLiu alibaba_cloud_group

2023-08-16 15:59:23 UTC

already fixed

Comment 3 maqiao alibaba_cloud_group

2023-10-20 15:25:35 UTC

*** Bug 7015 has been marked as a duplicate of this bug. ***