CVE-2023-54103

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: mtk-jpeg: Fix use after free bug due to uncanceled work<br /> <br /> In mtk_jpeg_probe, &amp;jpeg-&gt;job_timeout_work is bound with<br /> mtk_jpeg_job_timeout_work. Then mtk_jpeg_dec_device_run<br /> and mtk_jpeg_enc_device_run may be called to start the<br /> work.<br /> If we remove the module which will call mtk_jpeg_remove<br /> to make cleanup, there may be a unfinished work. The<br /> possible sequence is as follows, which will cause a<br /> typical UAF bug.<br /> <br /> Fix it by canceling the work before cleanup in the mtk_jpeg_remove<br /> <br /> CPU0 CPU1<br /> <br /> |mtk_jpeg_job_timeout_work<br /> mtk_jpeg_remove |<br /> v4l2_m2m_release |<br /> kfree(m2m_dev); |<br /> |<br /> | v4l2_m2m_get_curr_priv<br /> | m2m_dev-&gt;curr_ctx //use