5971 – [ANCK 5.10] fix CVE-2023-35823

Bug 5971 - [ANCK 5.10] fix CVE-2023-35823

Summary: [ANCK 5.10] fix CVE-2023-35823

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 5.10 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Duplicates (1):	7016 (view as bug list)
Depends on:
Blocks:

Reported:	2023-07-25 11:14 UTC by zhujun
Modified:	2023-10-20 15:30 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zhujun cmss_group

2023-07-25 11:14:55 UTC

一、漏洞信息
漏洞编号：CVE-2023-35823
漏洞归属组件： pci
漏洞归属的版本：kernel 6.3.2 之前
CVSS V3.0分值：7.0
漏洞简述：
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
NVD Published Date:
06/18/2023
NVD Last Modified:
06/26/2023

漏洞详情参考链接：https://nvd.nist.gov/vuln/detail/CVE-2023-35823

二 漏洞解决
   因涉kernel 6.3.2 之前，故cloud Linux kernel 4.19和5.10都需要更新，社区补丁：
   
   1、commit 30cf57da176cca80f11df0d9b7f71581fe601389

 
Reference:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389

Comment 1 小龙 admin

2023-07-25 11:20:27 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1938

Comment 2 小龙 admin

2023-07-25 13:49:03 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1940

Comment 3 小龙 admin

2023-07-25 13:57:54 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1942

Comment 4 GuixinLiu alibaba_cloud_group

2023-08-16 15:57:18 UTC

already fixed

Comment 5 maqiao alibaba_cloud_group

2023-10-20 15:30:12 UTC

*** Bug 7016 has been marked as a duplicate of this bug. ***