A race condition was found in the Philips SAA7134 driver in the Linux kernel. In saa7134_initdev, &dev->video_q.timeout is eventually bound to saa7134_buffer_timeout. If we remove the module or device which will call saa7134_finidev to cleanup, there may be unfinished work. This could lead to a use-after-free issue. Upstream patch & commit: https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz@163.com/t/ https://github.com/torvalds/linux/commit/30cf57da176cca80f11df0d9b7f71581fe601389
*** This bug has been marked as a duplicate of bug 2215835 ***
Which one of the CVEs will be rejected?
I would suggest to reject CVE-2023-3327 which was not yet published, but CVE-2023-35823 is.
Yup, CVE-2023-3327 (this bug) was rejected. I also sent a formal request to MITRE via https://cveform.mitre.org.
Hi Mauro (In reply to Mauro Matteo Cascella from comment #5) > Yup, CVE-2023-3327 (this bug) was rejected. I also sent a formal request to > MITRE via https://cveform.mitre.org. Thanks for the confirmation! Can you as well drop the Bugzilla Alias CVE reference (or update it to CVE-2023-35823 in this bug)?
(In reply to Salvatore Bonaccorso from comment #6) > Thanks for the confirmation! Can you as well drop the Bugzilla Alias > CVE reference (or update it to CVE-2023-35823 in this bug)? Dropping the BZ alias would make the rejected CVE less easy to find, I guess. Not a big deal though, this chat will serve as a good reference in case someone is interested. Done!